Skip to content
/ Pe-Loader-Sample Public

Proof of concept implementation of in-memory PE Loader based on ReflectiveDLLInjection Technique

148 stars 80 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

abhisek/Pe-Loader-Sample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Pe-Loader-Sample.vcproj
Pe-Loader-Sample.vcproj
 
 
README.md
README.md
 
 

Repository files navigation

PE Loader Sample

In memory execution of PE executables:

  • Self Relocation
  • Memory Mapping
  • IAT Processing
  • Relocation
  • Control Transfer

This project aims to implement a complete PE Loader capable of loading all PE and PE+ executables. The current version should be considered as a PoC only as it does not handle all practical cases.

TODO:

  • Handle Import Forwarding
  • Bound Imports
  • Is it possible to relocate a PE if relocation table is not included? Hack++?
  • Most Important: Documentation of PE Loading Process

Thanks

  • Special thanks to Stephen Fewer of Harmony Security for Reflective DLL Injection paper and implementation. The IAT processing and Relocation code in this project is taken from ReflectiveDLL Loader implementation.

  • sincoder for ideas on Self Relocation.

About

Proof of concept implementation of in-memory PE Loader based on ReflectiveDLLInjection Technique

Resources

Readme
Activity

Stars

148 stars

Watchers

16 watching

Forks

80 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages