When creating a shellcode through donut it is important to remember that x64 built instance of the donut project will create x64 bit shellcodes that should run in a x64 processs and vice versa. Program we would like to turn into a shellcode should also be compiled for the desired architecture. This can be achieved by compiling a project with 2019 MSVC compiler from a development command prompt:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
Resulted binary can be easily confirmed with sigcheck.exe from Sysinternals:
C:\Users\user\Desktop\donut-dev>nmake debug -f Makefile.msvcMicrosoft (R) Program Maintenance Utility Version 14.23.28106.4Copyright (C) Microsoft Corporation. All rights reserved.cl -Zp8 -nologo -DDEBUG -DDONUT_EXE -I include donut.c hash.c encrypt.c payload/clib.cdonut.chash.cencrypt.cclib.cGenerating Code...cl -Zp8 -nologo -DDEBUG -DDLL -LD -I include donut.c hash.c encrypt.c payload/clib.cdonut.chash.cencrypt.cclib.cGenerating Code...Creating library donut.lib and object donut.expmove donut.lib lib/donut.lib1 file(s) moved.move donut.exp lib/donut.exp1 file(s) moved.move donut.dll lib/donut.dll1 file(s) moved.C:\Users\user\Desktop\donut-dev>..\sigcheck.exe donut.exeSigcheck v2.73 - File version and signature viewerCopyright (C) 2004-2019 Mark RussinovichSysinternals - www.sysinternals.comC:\Users\admin\Desktop\donut-dev\donut.exe:Verified: UnsignedLink date: 00:09 14/10/2019Publisher: n/aCompany: n/aDescription: n/aProduct: n/aProd version: n/aFile version: n/aMachineType: 64-bit
If needed x86 path is located in
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars32.bat