Accenture/Spartacus

Can't find a way: "!! 0[] System.Array.Empty() ".

qing-root opened this issue · 15 comments

Hello, I have encountered a mistake in the process of using, and I have not found a solution for the moment, could you please help me to look at it?

C:\Users\Oadmin\Desktop\Spartacus-v2.2.0-x64>Spartacus.exe --mode dll --existing --pml C:\Users\Oadmin\Desktop\ProcessMonitor\Logfile.PML --csv C:\Users\PublicVulnerableDLLFiles.cs v --solution C:\Users\Public --verbose
image

Can't find a way: "!! 0[] System.Array.Empty() ".

My system version is

OS Name:                   Microsoft Windows Server 2012 R2 Datacenter
OS Version:                6.3.9600 N/A Build 9600
OS Manufacturer:           Microsoft Corporation

Hi,

Does your user have access to write to all the paths passed as a parameter? For instance I see that you've specified --solution to be in C:\Users\Public. Can you give it a go with putting all paths/files on the current user's desktop and let me know if that works?

Thanks,
Pavel

Hello, I have tried these paths and I have permission to access them

C:\Users\Oadmin\Desktop\Spartacus-v2.2.0-x64>Spartacus.exe --mode dll --existing --pml C:\Users\Oadmin\Desktop\ProcessMonitor\Logfile.PML --csv C:\Users\Oadmin\Desktop\VulnerableD
LFiles.csv --solution C:\Users\Oadmin\Desktop --verbose

image
He continued to report mistakes

Can't find a way: "!! 0[] System.Array.Empty()

Hello again,

Can you try with --solution C:\Users\Oadmin\Desktop\output (added an extra folder name) and with --debug as well please?

Thanks,
Pavel

Thank you so much for your patience
image

C:\Users\Oadmin\Desktop\Spartacus-v2.2.0-x64>Spartacus.exe --mode dll --existing --pml C:\Users\Oadmin\Desktop\ProcessMonitor\Logfile.PML --csv C:\Users\Oadmin\Desktop\output\Vulne
rableDLLFiles.csv --solution C:\Users\Oadmin\Desktop\output --verbose --debug
[17:16:14] [DEBUG] Reading event offsets...
[17:16:14] Reading event log offsets...
[17:16:14] Found 2,060 events...
[17:16:14] Searching events.............
[17:16:14] Found 21 events of interest...
[17:16:14] [DEBUG] FindEvents() took 36ms
[17:16:14] Extracting DLL filenames from paths...
[17:16:14] Found 21 unique DLLs...
[17:16:14] Trying to identify which DLLs were actually loaded.............
[17:16:14] [DEBUG] FindLoadedEvents() took 35ms
[17:16:14] 找不到方法:“!!0[] System.Array.Empty()”。
[17:16:14] There was an error saving the output. In order to avoid losing the processed data
[17:16:14] we're going to give it another go. When you resolve the error described above
[17:16:14] hit ENTER and another attempt at saving the output will be made.

I can see it's failing here -

protected void ExportToCSV(Dictionary<string, PMLEvent> events)

Can you check if the CSV file is created and the header line is written into it please? Should be like:

stream.WriteLine(string.Format("Process,Image Path,Missing DLL,Found DLL,Integrity,Command Line"));

And if so, are there any more lines written in that file? I'm trying to understand if:

  1. There's a problem creating the file - in this case there will be no CSV.
  2. There's a problem writing the data - in this case only the header line will be in the CSV.
  3. There's a problem with some identified value in the array - in this case there may be some more records in the CSV file

In the first case, the csv file is not created successfully

I can see in your command line:

C:\Users\Oadmin\Desktop\Spartacus-v2.2.0-x64>Spartacus.exe --mode dll --existing --pml C:\Users\Oadmin\Desktop\ProcessMonitor\Logfile.PML --csv C:\Users\Oadmin\Desktop\output\VulnerableDLLFiles.csv --solution C:\Users\Oadmin\Desktop\output --verbose --debug

You have specified that the csv will be in the output folder. If output doesn't exist then Spartacus won't be able to create the file. Can you change your command line to this and try again?

C:\Users\Oadmin\Desktop\Spartacus-v2.2.0-x64>Spartacus.exe --mode dll --existing --pml C:\Users\Oadmin\Desktop\ProcessMonitor\Logfile.PML --csv C:\Users\Oadmin\Desktop\VulnerableDLLFiles.csv --solution C:\Users\Oadmin\Desktop\output --verbose --debug

Unfortunately, I've tried and failed
image

Let me add some more debug statements & error handling and we can try again - I'll let you know when it's ready to test

Thank you.

Can you download v2.2.1 that I've just pushed, and run again with --debug please?

From what I can see it's not even entering inside the ExportCSV function as otherwise it would show the Saving to CSV... message.

Hopefully we'll get some insight into what is going wrong

Thank you for your patience. Here I am,I tried again

C:\Users\Oadmin\Desktop\Spartacus-v2.2.1-x64>Spartacus.exe --mode dll --existing --pml C:\Users\Oadmin\Desktop\ProcessMonitor\Logfile.PML --csv C:\Users\Oadmin\Desktop\VulnerableDL
LFiles.csv --solution C:\Users\Oadmin\Desktop\output --verbose --debug

image

The error is

[13:10:30] Can't find a way: "!! 0[] System.Array.Empty() ".

[13:10:30] in called Spartacus. Modes. DLL. ModeDLL. ExportToCSV (Dictionary ` 2 events)

In called Spartacus. Modes. DLL. ModeDLL. The Run ()

Hi,

I searched online and it appears that this can be caused by having an old .NET version installed - https://stackoverflow.com/questions/31253747/method-not-found-0-system-array-empty

You could try installing a more recent version as described in the link above. Let me know if that works.

Thanks,
Pavel

I installed the updated version of net as you suggested and he succeeded. Thank you very much !

image

Excellent, glad we found out what it was!