
I asked this previously then deleted since I think I asked the question without gearing it towards msfvenom and custom EXE templates.

There is a 64-bit Windows PE written in assembly that ships with Metasploit that I am trying to compile to an EXE and use as a custom template for msfvenom. How do I compile/link/include Windows DLL in Kali? I have Mingw installed.

I have tried this:

nasm -fwin64 -o 64exetemplate.o 64exetemplate.nasm

Then tried to link with Mingw like:

x86_64-w64-mingw32-ld -o 64exetemplate.exe 64exetemplate.o

How do I get the asm to compile/link? I think there is a path to kernel32.dll missing and I am not sure of the syntax.

Both give errors. From the previous question, I understand I need to tell Mingw/gcc where the Windows DLL or kernel32.dll are?

root@box:/ nasm -f win64 64exetemplate.asm -o tiny.o
64exetemplate.asm:7: error: parser: instruction expected
64exetemplate.asm:8: error: symbol `extrn' redefined
64exetemplate.asm:8: error: parser: instruction expected
64exetemplate.asm:12: error: parser: instruction expected
64exetemplate.asm:26: error: symbol `main' redefined
64exetemplate.asm:26: error: parser: instruction expected
64exetemplate.asm:28: error: parser: instruction expected
64exetemplate.asm:29: error: parser: instruction expected
64exetemplate.asm:30: error: comma expected after operand 1
64exetemplate.asm:31: error: symbol `payload' redefined
64exetemplate.asm:31: error: parser: instruction expected



root@box:/ x86_64-w64-mingw32-ld -o 64exetemplate.exe 64exetemplate.o 
64exetemplate.o:(.text+0x1d): undefined reference to `VirtualAlloc'
64exetemplate.o:(.text+0x3d): undefined reference to `ExitProcess'

Original assembly file that was used to create the 64-bit Windows portable executable.

; Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com)
; Architecture: x64
;
; Assemble and link with the following command:
; "C:\Program Files\Microsoft Visual Studio 9.0\VC\bin\x86_amd64\ml64" template_x64_windows.asm /link /su$

extrn ExitProcess : proc
extrn VirtualAlloc : proc

.code

        main proc
                sub rsp, 40        ;
                mov r9, 40h        ;
                mov r8, 3000h      ;
                mov rdx, 4096      ;
                xor rcx, rcx       ;
                call VirtualAlloc  ; lpPayload = VirtualAlloc( NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE$
                mov rcx, 4096      ;
                mov rsi, payload   ;
                mov rdi, rax       ;
                rep movsb          ; memcpy( lpPayload, payload, 4096 );
                call rax           ; lpPayload();
                xor rcx, rcx       ;
                call ExitProcess   ; ExitProcess( 0 );
        main endp

        payload proc
                A byte 'PAYLOAD:'
                B db 4096-8 dup ( 0 )
        payload endp
end

Again, I know that I asked this before (now deleted) but this is a great question for people wanting to edit the PE ASM to create custom EXE templates with msfvenom. I hope I framed this question better.

Anders

1 Answer

Unfortunately, there exists no single standard for assembly language files. (While the instructions are obviously part of the ISA, the specific syntax of the files and particularly the features like extrn are specific to each assembler.) To compile this on Linux, you would need to adjust the syntax of the assembly source to use nasm or gas syntax. The existing file is designed for MASM (the Microsoft Assembler).

David
  • I managed to get Visual Studio 9.0 to create the .obj file as described above in the commented section of the assembly file. I am still not sure how to get the EXE. That is where I tried Mingw without success. Since I am familiar with Linux assembly, I have had good luck with nasm. But still not sure how to put this together or the exact syntax under this scenario using the PE with Metasploit. – user9225381 Jan 17 '18 at 12:19
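
The answer's point about assembler dialects, as an added example that is not part of the original answer or of Metasploit: a small Python check that lists the MASM-only constructs in a source file, which nasm rejects with parser errors, next to the usual NASM spelling of each. The sample is a constructed excerpt of the template quoted in the question; the function name and the mapping table are this example's own assumptions.

```python
import re

# MASM-only constructs and the usual NASM spelling of each.
# The pairing is this example's own table, not taken from the page.
MASM_ONLY = [
    (re.compile(r"^\s*extrn\s+\w+\s*:\s*proc\b", re.I), "extern <symbol>"),
    (re.compile(r"^\s*\.code\b", re.I), "section .text"),
    (re.compile(r"^\s*\w+\s+proc\b", re.I), "global <name> / <name>:"),
    (re.compile(r"^\s*\w+\s+endp\b", re.I), "(drop it; NASM labels have no end marker)"),
    (re.compile(r"\bdup\s*\(", re.I), "times <count> db <value>"),
    (re.compile(r"^\s*\w+\s+byte\s+'", re.I), "<label>: db '<string>'"),
    (re.compile(r"^\s*end\s*$", re.I), "(drop it; NASM has no END directive)"),
]

# Constructed sample: an excerpt of the MASM template quoted in the question.
SAMPLE = """\
extrn ExitProcess : proc
extrn VirtualAlloc : proc

.code

        main proc
                sub rsp, 40        ;
                call VirtualAlloc  ;
        main endp

        payload proc
                A byte 'PAYLOAD:'
                B db 4096-8 dup ( 0 )
        payload endp
end
"""

def find_masm_constructs(source):
    """Return (line number, code, NASM spelling) for each MASM-only line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split(";", 1)[0]  # ignore trailing comments
        for pattern, nasm in MASM_ONLY:
            if pattern.search(code):
                findings.append((lineno, code.strip(), nasm))
                break  # one finding per line is enough
    return findings

if __name__ == "__main__":
    for lineno, code, nasm in find_masm_constructs(SAMPLE):
        print(f"line {lineno}: {code!r} -> NASM: {nasm}")
```

Plain instruction lines such as `sub rsp, 40` are not flagged, because the instruction mnemonics themselves are the same in both assemblers.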