format
sec13b opened this issue · 1 comments
sec13b commented
no offense , how you make this format easy
["0x03", "0x4c", "0x24", "0x08", "0x45", "0x39", "0xd1", "0x75"],
is normal to have this warning
mkdir -p bin
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c main.c -o bin/main.o
main.c: In function ‘LaunchEDR’:
main.c:85:17: warning: implicit declaration of function ‘SearchIOC’ [-Wimplicit-function-declaration]
85 | if (SearchIOC(&informationDetection, pAddress, regionSize)) {
| ^~~~~~~~~
Compiled main.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/directSyscall.c -o bin/detection/directSyscall.o
detection/directSyscall.c: In function ‘DirectSyscall’:
detection/directSyscall.c:58:65: warning: storing the address of local variable ‘information’ in ‘*pInformationDetection.information’ [-Wdangling-pointer=]
58 | pInformationDetection->information = information;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
detection/directSyscall.c:28:10: note: ‘information’ declared here
28 | char information[MAX_PATH];
| ^~~~~~~~~~~
detection/directSyscall.c:28:10: note: ‘pInformationDetection’ declared here
Compiled detection/directSyscall.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/ntdllUnhooking.c -o bin/detection/ntdllUnhooking.o
Compiled detection/ntdllUnhooking.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/patchAmsiByte.c -o bin/detection/patchAmsiByte.o
Compiled detection/patchAmsiByte.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/patchEtwByte.c -o bin/detection/patchEtwByte.o
Compiled detection/patchEtwByte.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/peStomping.c -o bin/detection/peStomping.o
detection/peStomping.c: In function ‘PeStomping’:
detection/peStomping.c:169:65: warning: storing the address of local variable ‘information’ in ‘*pInformationDetection.information’ [-Wdangling-pointer=]
169 | pInformationDetection->information = information;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
detection/peStomping.c:114:10: note: ‘information’ declared here
114 | char information[MAX_PATH];
| ^~~~~~~~~~~
detection/peStomping.c:114:10: note: ‘pInformationDetection’ declared here
Compiled detection/peStomping.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/reflectivePe.c -o bin/detection/reflectivePe.o
detection/reflectivePe.c: In function ‘ReflectivePE’:
detection/reflectivePe.c:60:97: warning: storing the address of local variable ‘information’ in ‘*pInformationDetection.information’ [-Wdangling-pointer=]
60 | pInformationDetection->information = information;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
detection/reflectivePe.c:31:10: note: ‘information’ declared here
31 | char information[MAX_PATH];
| ^~~~~~~~~~~
detection/reflectivePe.c:31:10: note: ‘pInformationDetection’ declared here
Compiled detection/reflectivePe.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/searchIoc.c -o bin/detection/searchIoc.o
Compiled detection/searchIoc.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/unbackedThreadOrigin.c -o bin/detection/unbackedThreadOrigin.o
detection/unbackedThreadOrigin.c: In function ‘UnbackedThreadOrigin’:
detection/unbackedThreadOrigin.c:117:100: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘DWORD’ {aka ‘long unsigned int’} [-Wformat=]
117 | snprintf(information, MAX_PATH, "\n\t\t- Thread : %d\n\t\t- Address : %p\n\t\t- Size : %d", te.th32ThreadID, mbi.BaseAddress, mbi.RegionSize);
| ~^ ~~~~~~~~~~~~~~~
| | |
| int DWORD {aka long unsigned int}
| %ld
detection/unbackedThreadOrigin.c:117:156: warning: format ‘%d’ expects argument of type ‘int’, but argument 6 has type ‘SIZE_T’ {aka ‘long long unsigned int’} [-Wformat=]
117 | snprintf(information, MAX_PATH, "\n\t\t- Thread : %d\n\t\t- Address : %p\n\t\t- Size : %d", te.th32ThreadID, mbi.BaseAddress, mbi.RegionSize);
| ~^ ~~~~~~~~~~~~~~
| | |
| int SIZE_T {aka long long unsigned int}
| %lld
detection/unbackedThreadOrigin.c:124:81: warning: storing the address of local variable ‘information’ in ‘*pInformationDetection.information’ [-Wdangling-pointer=]
124 | pInformationDetection->information = information;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
detection/unbackedThreadOrigin.c:35:10: note: ‘information’ declared here
35 | char information[MAX_PATH];
| ^~~~~~~~~~~
detection/unbackedThreadOrigin.c:35:10: note: ‘pInformationDetection’ declared here
Compiled detection/unbackedThreadOrigin.c
mkdir -p bin/detection
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c detection/unbackedThreadStartAddress.c -o bin/detection/unbackedThreadStartAddress.o
detection/unbackedThreadStartAddress.c: In function ‘UnbackedThreadStartAddress’:
detection/unbackedThreadStartAddress.c:165:100: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘DWORD’ {aka ‘long unsigned int’} [-Wformat=]
165 | snprintf(information, MAX_PATH, "\n\t\t- Thread : %d\n\t\t- Address : %p", te.th32ThreadID, pThreadAddress);
| ~^ ~~~~~~~~~~~~~~~
| | |
| int DWORD {aka long unsigned int}
| %ld
detection/unbackedThreadStartAddress.c:172:81: warning: storing the address of local variable ‘information’ in ‘*pInformationDetection.information’ [-Wdangling-pointer=]
172 | pInformationDetection->information = information;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
detection/unbackedThreadStartAddress.c:126:10: note: ‘information’ declared here
126 | char information[MAX_PATH];
| ^~~~~~~~~~~
detection/unbackedThreadStartAddress.c:126:10: note: ‘pInformationDetection’ declared here
Compiled detection/unbackedThreadStartAddress.c
mkdir -p bin/hook
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c hook/hookingApi.c -o bin/hook/hookingApi.o
hook/hookingApi.c: In function ‘RemoveHook’:
hook/hookingApi.c:121:29: warning: assignment to ‘DWORD’ {aka ‘long unsigned int’} from ‘void *’ makes integer from pointer without a cast [-Wint-conversion]
121 | pHook->dwOldProtection = NULL;
| ^
hook/hookingApi.c: In function ‘HookedNtWriteVirtualMemory’:
hook/hookingApi.c:193:5: warning: implicit declaration of function ‘GetExecutableName’ [-Wimplicit-function-declaration]
193 | GetExecutableName(fileName, MAX_PATH);
| ^~~~~~~~~~~~~~~~~
hook/hookingApi.c:194:5: warning: implicit declaration of function ‘GetExecutablePath’ [-Wimplicit-function-declaration]
194 | GetExecutablePath(fullPath, MAX_PATH);
| ^~~~~~~~~~~~~~~~~
hook/hookingApi.c:203:16: warning: returning ‘char *’ from a function with return type ‘NTSTATUS’ {aka ‘long int’} makes integer from pointer without a cast [-Wint-conversion]
203 | return "0x00000080";
| ^~~~~~~~~~~~
hook/hookingApi.c:210:9: warning: implicit declaration of function ‘SendToPipe’ [-Wimplicit-function-declaration]
210 | SendToPipe(&informationDetection);
| ^~~~~~~~~~
hook/hookingApi.c:214:10: warning: implicit declaration of function ‘PlaceHook’ [-Wimplicit-function-declaration]
214 | if (!PlaceHook()) {
| ^~~~~~~~~
hook/hookingApi.c: In function ‘UnhookedAPI’:
hook/hookingApi.c:161:49: warning: storing the address of local variable ‘information’ in ‘*pInformationDetection.information’ [-Wdangling-pointer=]
161 | pInformationDetection->information = information;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
hook/hookingApi.c:142:10: note: ‘information’ declared here
142 | char information[MAX_PATH];
| ^~~~~~~~~~~
hook/hookingApi.c:142:10: note: ‘pInformationDetection’ declared here
Compiled hook/hookingApi.c
mkdir -p bin/utils
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c utils/arrayComp.c -o bin/utils/arrayComp.o
Compiled utils/arrayComp.c
mkdir -p bin/utils
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c utils/crypto.c -o bin/utils/crypto.o
Compiled utils/crypto.c
mkdir -p bin/utils
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c utils/ipc.c -o bin/utils/ipc.o
Compiled utils/ipc.c
mkdir -p bin/utils
x86_64-w64-mingw32-gcc -Iincludes -Wall -D_DLL -D_EXPORTS -c utils/peInformation.c -o bin/utils/peInformation.o
Compiled utils/peInformation.c
mkdir -p bin
x86_64-w64-mingw32-gcc -o bin/CrimsonEDR.dll bin/main.o bin/detection/directSyscall.o bin/detection/ntdllUnhooking.o bin/detection/patchAmsiByte.o bin/detection/patchEtwByte.o bin/detection/peStomping.o bin/detection/reflectivePe.o bin/detection/searchIoc.o bin/detection/unbackedThreadOrigin.o bin/detection/unbackedThreadStartAddress.o bin/hook/hookingApi.o bin/utils/arrayComp.o bin/utils/crypto.o bin/utils/ipc.o bin/utils/peInformation.o -shared -Wl,--out-implib,bin/libCrimsonEDR.a -lpsapi -ldbghelp
DLL generated.
x86_64-w64-mingw32-gcc -Iincludes -Wall -c injector/injector.c -o bin/injector/injector.o
x86_64-w64-mingw32-gcc -Iincludes -Wall -c utils/extractJson.c -o bin/utils/extractJson.o
x86_64-w64-mingw32-gcc -Iincludes -Wall -c main.c -o bin/main.o
x86_64-w64-mingw32-gcc -Iincludes -Wall -o bin/CrimsonEDRPanel.exe bin/injector/injector.o bin/utils/extractJson.o bin/main.o
rm -rf bin
rm -rf bin
sec13b commented