No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
abhisek --
Signed-off-by: abhisek <abhisek.datta@gmail.com>
Latest commit 9aed4b3 Mar 22, 2013

README.md

PE Loader Sample

In memory execution of PE executables:

  • Self Relocation
  • Memory Mapping
  • IAT Processing
  • Relocation
  • Control Transfer

This project aims to implement a complete PE Loader capable of loading all PE and PE+ executables. The current version should be considered as a PoC only as it does not handle all practical cases.

TODO:

  • Handle Import Forwarding
  • Bound Imports
  • Is it possible to relocate a PE if relocation table is not included? Hack++?
  • Most Important: Documentation of PE Loading Process

Thanks

  • Special thanks to Stephen Fewer of Harmony Security for Reflective DLL Injection paper and implementation. The IAT processing and Relocation code in this project is taken from ReflectiveDLL Loader implementation.

  • sincoder for ideas on Self Relocation.