This repository was archived by the owner on Aug 18, 2023. It is now read-only.

No Output in Windows #2

Open
DarknightCanada opened this issue Oct 7, 2022 · 12 comments

@DarknightCanada

Hello,

The tool does not generate any output in Windows. It works fine in Linux but not in Windows.

        ___________
        \_   _____/______   ____   ____ ________ ____
         |    __) \_  __ \_/ __ \_/ __ \\___   // __ \
         |     \   |  | \/\  ___/\  ___/ /    /\  ___/
         \___  /   |__|    \___  >\___  >_____ \\___  >
             \/                \/     \/      \/    \/
                                        (@Tyl0us)
        Soon they will learn that revenge is a dish... best served COLD...

[!] Missing Garble... Downloading it now
exec: no command:
[*] Encrypting Shellcode Using AES Encryption
[+] Shellcode Encrypted
[!] Selected Process to Suspend: notepad.exe
[+] Loader Compiled
[*] Compiling Payload
exec: no command:
[+] Payload loader.exe Compiled

Even though it says the payload compiled, there is no output.

@Tylous
Contributor

Tylous commented Oct 15, 2022

Looks to be an issue related to where garble is put. I'll have to make some changes for windows...

@mgeeky

mgeeky commented Dec 7, 2022

Hi man! Any plans on supporting Windows anytime soon? :)

Would love to add support for your Freeze in my ProtectMyTooling but currently it's impossible :(

@Tylous
Contributor

Tylous commented Dec 9, 2022

Apologies for the delay. I am in the process of updating multiple tools including this one. For right now I've heard from people that using it with WSL on Windows works fine. I am not sure if that's been thoroughly tested but it might be a workaround atm. If you want to test that for me and let me know it can help me with developing a fix.

@mgeeky

mgeeky commented Dec 9, 2022

Ack! Will try it out, thanks :)

@Tylous
Contributor

Tylous commented Dec 21, 2022

@mgeeky did that work for you or do I need to retool it?

@mgeeky

mgeeky commented Dec 21, 2022

Aaaay sorry Matt, didn't try it yet. Last days were from hell for me. Christmas coming now so unsure if I can sit down to this :(

@HopHouse

@Tylous Do you mind looking at the pull request #9?
I think it would close this issue and make it work with @mgeeky's ProtectMyTooling tool.

@mgeeky

mgeeky commented May 16, 2023

Hi @HopHouse - thanks for picking this up!

Tried compiling your fork and using it with PMT, but no joy:

cmd> D:\dev2\ProtectMyTooling\contrib\Freeze\Freeze.exe -I "calc64.bin" -O "foo.exe"

[.] Command returned:
------------------------------
        ___________
                \_   _____/______   ____   ____ ________ ____
                 |    __) \_  __ \_/ __ \_/ __ \\___   // __ \
                 |     \   |  | \/\  ___/\  ___/ /    /\  ___/
                 \___  /   |__|    \___  >\___  >_____ \\___  >
                     \/                \/     \/      \/    \/
                                                (@Tyl0us)
                Soon they will learn that revenge is a dish... best served COLD...

        [!] Missing Garble... Downloading it now
        [+] Executed code:
        $env:GOBINB=$GOBIN;
        $env:GOBIN="d:\test\.lib";
        go install mvdan.cc/garble@latest
        $env:GOBIN=$GOBINB;
        $env:GOBINB=$null


        [!] Selected Process to Suspend: notepad.exe
        [+] Loader Compiled
        [+] Executed code:
        $env:GOPRIVATEB=go env GOPRIVATE;
        go env -w GOPRIVATE=*
        $env:GOOS="windows";
        $env:GOARCH="amd64";
        d:\test\.lib\garble.exe -seed=random -literals build -o "foo.exe"
        go env -w GOPRIVATE=$GOPRIVATEB;
        $env:GOPRIVATEB=$null

        [*] Compiling Payload
        go list error: exit status 1: go: cannot find main module, but found .git/config in d:\test
                to create a module there, run:
                cd ..\.. && go mod init

        [+] Payload foo.exe Compiled

Looks like there needs to be more setup made ahead to satisfy golang dynamic compilation requirements.

@Tylous
Contributor

Tylous commented May 18, 2023

Let me take a look at this as well. I will get back to you all shortly.

@Tylous
Contributor

Tylous commented May 18, 2023

After looking at it @mgeeky it's something I need to tweak ahead of time. @HopHouse I appreciate your pull request but it didn't work for me. I will work on addressing this shortly.

@HopHouse

HopHouse commented Jun 9, 2023

@mgeeky I had the same error but in order to not alter the code too much I found an alternative.
You have to git clone the project and then execute Freeze from inside the directory.

Worked for me.

@pr0b3r7

pr0b3r7 commented Aug 4, 2023

Running into the same error, even when from inside the cloned repo after a fresh build and having go and garble installed...

C:\Tools\TA0005 Defense Evasion\Freeze>"C:\Tools\TA0005 Defense Evasion\Freeze\Freeze.exe" -I ".\beacon.exe" -O ".\freeze_beacon.exe" -process "MsMpEng.exe" -sandbox

        ___________
        \_   _____/______   ____   ____ ________ ____
         |    __) \_  __ \_/ __ \_/ __ \\___   // __ \
         |     \   |  | \/\  ___/\  ___/ /    /\  ___/
         \___  /   |__|    \___  >\___  >_____ \\___  >
             \/                \/     \/      \/    \/
                                        (@Tyl0us)
        Soon they will learn that revenge is a dish... best served COLD...

[!] Missing Garble... Downloading it now
exec: no command:
[!] Selected Process to Suspend: MsMpEng.exe
[+] Loader Compiled
[*] Compiling Payload
exec: no command:
[+] Payload .\freeze_beacon.exe Compiled

C:\Tools\TA0005 Defense Evasion\Freeze>garble
Garble obfuscates Go code by wrapping the Go toolchain.

        garble [garble flags] command [go flags] [go arguments]

For example, to build an obfuscated program:

        garble build ./cmd/foo
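
The `exec: no command` lines in the logs above are the error Go's `os/exec` returns when a command is started with an empty path, and in each of those runs the tool still prints a "Compiled" message afterwards. The following is an added example, not Freeze's code and not part of any comment in this thread: it reproduces that error and shows a build step that resolves its helper first, checks the exit status, and confirms the output file exists before reporting success. The names `resolveTool`, `runStep` and `emptyPathError` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
)

// emptyPathError reproduces the message seen in the logs: starting a
// command whose path is the empty string fails with "exec: no command".
func emptyPathError() error {
	return exec.Command("").Run()
}

// resolveTool (hypothetical helper) turns a tool name into a usable path
// and rejects the empty string before os/exec ever sees it.
func resolveTool(name string) (string, error) {
	if name == "" {
		return "", errors.New("tool path is empty (lookup or install step failed?)")
	}
	return exec.LookPath(name)
}

// runStep (hypothetical helper) runs one build step and only returns nil
// when the tool was found, exited 0, and the expected artifact exists.
func runStep(tool string, args []string, artifact string) error {
	path, err := resolveTool(tool)
	if err != nil {
		return fmt.Errorf("resolve %q: %w", tool, err)
	}
	if out, err := exec.Command(path, args...).CombinedOutput(); err != nil {
		return fmt.Errorf("%s failed: %w\n%s", path, err, out)
	}
	if _, err := os.Stat(artifact); err != nil {
		return fmt.Errorf("step exited 0 but artifact is missing: %w", err)
	}
	return nil
}

func main() {
	fmt.Println("empty path:", emptyPathError())
	// Constructed inputs: an unresolved tool and a placeholder artifact name.
	if err := runStep("", []string{"build"}, "out.bin"); err != nil {
		fmt.Println("build step failed:", err)
		return
	}
	fmt.Println("build step succeeded")
}
```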
