This repository was archived by the owner on Aug 18, 2023. It is now read-only.

Not working #16

@G0ne


I ran Freeze on the mimikatz .bin generated by https://github.com/EgeBalci/amber, but the newly created .exe does not work.
Running just the .bin code on its own works fine.
This is the error message I get:

[DEBUG] [*] Creating Suspended Process: notepad.exe
[DEBUG] [*] Suspend Process ID: 8028
[DEBUG] [*] Creating Handle to Suspend Process
[DEBUG] [*] Process Handle OK
[DEBUG] [+] Parsing Our Proccess's Ntdll.dll Structure
[DEBUG] [+] Reading Ntdll.dll .Text Bytes and Storing Them to a Variable
[DEBUG] [+] NTDLL .text Address In Memory: 7FFFAF911000 NTDLL Size: 12D000
[DEBUG] [+] Restoring Our Proccess's Ntdll.dll .Text Space
[DEBUG] [+] Hooks Flushed Out
[DEBUG] [*] Patching ETW...
[DEBUG] [*] Loading Shellcode...
[DEBUG] [*] Calling NtAllocateVirtualMemory
[DEBUG] [*] Calling NtWriteVirtualMemory
[DEBUG] [*] Calling NtProtectVirtualMemory
Exception 0xc0000005 0x1 0x2b3abaf0009 0x2b3abe561b1
PC=0x2b3abe561b1

runtime.cgocall(0xc40760, 0xc0009882c0)
        /usr/lib/go-1.19/src/runtime/cgocall.go:158 +0x4a fp=0xc00006bc78 sp=0xc00006bc40 pc=0xbe366a
syscall.SyscallN(0x7fffadf713c0?, {0xc00006bd10?, 0x3?, 0xc00006bd20?})
        /usr/lib/go-1.19/src/runtime/syscall_windows.go:557 +0x109 fp=0xc00006bcf0 sp=0xc00006bc78 pc=0xc3baa9
syscall.Syscall(0x9?, 0x2b384404c01?, 0x2b384404c01?, 0x0?, 0xc3965a?)
        /usr/lib/go-1.19/src/runtime/syscall_windows.go:495 +0x3b fp=0xc00006bd38 sp=0xc00006bcf0 pc=0xc3b6bb
golang.org/x/sys/windows.(*Proc).Call(0xc000098030?, {0xc000088060?, 0xca5620?, 0x1?})
        /home/kali/go/pkg/mod/golang.org/x/sys@v0.9.0/windows/dll_windows.go:172 +0x107 fp=0xc00006bdf0 sp=0xc00006bd38 pc=0xc899e7
golang.org/x/sys/windows.(*LazyProc).Call(0xc000098030, {0xc000088060, 0x2, 0x2})
        /home/kali/go/pkg/mod/golang.org/x/sys@v0.9.0/windows/dll_windows.go:348 +0x50 fp=0xc00006be20 sp=0xc00006bdf0 pc=0xc8a6f0
main.kgveiwDi()
        /home/kali/tools/SolBypass/Freeze/b.exefldr/b.exe.go:289 +0x313 fp=0xc00006bed0 sp=0xc00006be20 pc=0xc99793
main.main()
        /home/kali/tools/SolBypass/Freeze/b.exefldr/b.exe.go:213 +0x325 fp=0xc00006bf80 sp=0xc00006bed0 pc=0xc98e85
runtime.main()
        /usr/lib/go-1.19/src/runtime/proc.go:250 +0x1fe fp=0xc00006bfe0 sp=0xc00006bf80 pc=0xc1777e
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc00006bfe8 sp=0xc00006bfe0 pc=0xc3eec1

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000045fb0 sp=0xc000045f90 pc=0xc17b16
runtime.goparkunlock(...)
        /usr/lib/go-1.19/src/runtime/proc.go:369
runtime.forcegchelper()
        /usr/lib/go-1.19/src/runtime/proc.go:302 +0xb1 fp=0xc000045fe0 sp=0xc000045fb0 pc=0xc179b1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000045fe8 sp=0xc000045fe0 pc=0xc3eec1
created by runtime.init.6
        /usr/lib/go-1.19/src/runtime/proc.go:290 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000047f90 sp=0xc000047f70 pc=0xc17b16
runtime.goparkunlock(...)
        /usr/lib/go-1.19/src/runtime/proc.go:369
runtime.bgsweep(0x0?)
        /usr/lib/go-1.19/src/runtime/mgcsweep.go:297 +0xd7 fp=0xc000047fc8 sp=0xc000047f90 pc=0xc02777
runtime.gcenable.func1()
        /usr/lib/go-1.19/src/runtime/mgc.go:178 +0x26 fp=0xc000047fe0 sp=0xc000047fc8 pc=0xbf74c6
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000047fe8 sp=0xc000047fe0 pc=0xc3eec1
created by runtime.gcenable
        /usr/lib/go-1.19/src/runtime/mgc.go:178 +0x6b

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc000052000?, 0x13b9ab8?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000059f70 sp=0xc000059f50 pc=0xc17b16
runtime.goparkunlock(...)
        /usr/lib/go-1.19/src/runtime/proc.go:369
runtime.(*scavengerState).park(0x1448600)
        /usr/lib/go-1.19/src/runtime/mgcscavenge.go:389 +0x53 fp=0xc000059fa0 sp=0xc000059f70 pc=0xc007b3
runtime.bgscavenge(0x0?)
        /usr/lib/go-1.19/src/runtime/mgcscavenge.go:622 +0x65 fp=0xc000059fc8 sp=0xc000059fa0 pc=0xc00dc5
runtime.gcenable.func2()
        /usr/lib/go-1.19/src/runtime/mgc.go:179 +0x26 fp=0xc000059fe0 sp=0xc000059fc8 pc=0xbf7466
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000059fe8 sp=0xc000059fe0 pc=0xc3eec1
created by runtime.gcenable
        /usr/lib/go-1.19/src/runtime/mgc.go:179 +0xaa

goroutine 5 [finalizer wait]:
runtime.gopark(0x0?, 0x1394400?, 0x0?, 0xa0?, 0x2000000020?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000049e28 sp=0xc000049e08 pc=0xc17b16
runtime.goparkunlock(...)
        /usr/lib/go-1.19/src/runtime/proc.go:369
runtime.runfinq()
        /usr/lib/go-1.19/src/runtime/mfinal.go:180 +0x10f fp=0xc000049fe0 sp=0xc000049e28 pc=0xbf65cf
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000049fe8 sp=0xc000049fe0 pc=0xc3eec1
created by runtime.createfing
        /usr/lib/go-1.19/src/runtime/mfinal.go:157 +0x45

goroutine 18 [GC worker (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000055f50 sp=0xc000055f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc000055fe0 sp=0xc000055f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000055fe8 sp=0xc000055fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 34 [GC worker (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000985f50 sp=0xc000985f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc000985fe0 sp=0xc000985f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000985fe8 sp=0xc000985fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 6 [GC worker (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc00005bf50 sp=0xc00005bf30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc00005bfe0 sp=0xc00005bf50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc00005bfe8 sp=0xc00005bfe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 7 [GC worker (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000981f50 sp=0xc000981f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc000981fe0 sp=0xc000981f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000981fe8 sp=0xc000981fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 8 [GC worker (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000983f50 sp=0xc000983f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc000983fe0 sp=0xc000983f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000983fe8 sp=0xc000983fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 19 [GC worker (idle)]:
runtime.gopark(0x193dc4a18860?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc000057f50 sp=0xc000057f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc000057fe0 sp=0xc000057f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc000057fe8 sp=0xc000057fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 20 [GC worker (idle)]:
runtime.gopark(0x193dc41f9850?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc0000b3f50 sp=0xc0000b3f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc0000b3fe0 sp=0xc0000b3f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc0000b3fe8 sp=0xc0000b3fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25

goroutine 21 [GC worker (idle)]:
runtime.gopark(0x193dc41f9850?, 0x0?, 0x0?, 0x0?, 0x0?)
        /usr/lib/go-1.19/src/runtime/proc.go:363 +0xd6 fp=0xc0000b5f50 sp=0xc0000b5f30 pc=0xc17b16
runtime.gcBgMarkWorker()
        /usr/lib/go-1.19/src/runtime/mgc.go:1235 +0xf1 fp=0xc0000b5fe0 sp=0xc0000b5f50 pc=0xbf94d1
runtime.goexit()
        /usr/lib/go-1.19/src/runtime/asm_amd64.s:1594 +0x1 fp=0xc0000b5fe8 sp=0xc0000b5fe0 pc=0xc3eec1
created by runtime.gcBgMarkStartWorkers
        /usr/lib/go-1.19/src/runtime/mgc.go:1159 +0x25
rax     0x2b3abaf0000
rbx     0x2b3842b7cb0
rcx     0x0
rdi     0x2b3842b7cb0
rsi     0x0
rbp     0xb7b53ffc10
rsp     0xb7b53ffbb8
r8      0x2b3842b7cd8
r9      0x0
r10     0xd7d12ff51054c170
r11     0x246
r12     0x2b3abaf0007
r13     0x0
r14     0x2b3abaf0000
r15     0x0
rip     0x2b3abe561b1
rflags  0x10206
cs      0x33
fs      0x53
gs      0x2b
