#!/usr/bin/env python3
"""
Simple program to set the IMAGE_FILE_DLL* flag on Windows PE files (.exes, .dlls, etc...),
which will trick Windows into thinking the file is a .dll.
This allows using LoadLibrary() on the file and calling the file's functions from a
separate program.
*https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#characteristics
"""
import struct
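def set_dll_flag(pe_path):
    """Set the IMAGE_FILE_DLL (0x2000) bit in a PE file's Characteristics field.

    The file at *pe_path* is patched in place, so run this on a copy if the
    original must be preserved. Two side effects matter to anyone handling
    the result:

    * Characteristics is covered by the Authenticode hash, so a signed file
      will no longer pass signature verification after the patch.
    * The optional-header CheckSum is not recomputed here.

    Args:
        pe_path: Path of the PE file to modify.

    Returns:
        True if the flag was written, False if the file does not carry a
        valid MZ/PE header (in which case nothing is written).

    Raises:
        OSError: If the file cannot be opened for reading and writing.
    """
    offset_e_lfanew = 0x3C        # DOS-header field holding the PE header offset
    size_e_lfanew = 4
    pe_signature = b"PE\0\0"
    offset_file_chars = 0x16      # Characteristics, relative to the PE signature
    size_file_chars = 2
    image_file_dll = 0x2000

    # The context manager closes the handle on every path; the early
    # "not a PE" return previously leaked it.
    with open(pe_path, "rb+") as f:
        dos_header = f.read(offset_e_lfanew + size_e_lfanew)
        if not dos_header.startswith(b"MZ"):
            print("[-] Not a PE file. Try using on a .exe file for example.")
            return False
        if len(dos_header) < offset_e_lfanew + size_e_lfanew:
            print("[-] Truncated DOS header; file left unchanged.")
            return False

        (pe_offset,) = struct.unpack_from("<I", dos_header, offset_e_lfanew)

        # Seek to the PE header rather than slicing a fixed-size first chunk:
        # e_lfanew comes from the file and may point anywhere, including past
        # the end of the file.
        f.seek(pe_offset)
        nt_prefix = f.read(offset_file_chars + size_file_chars)
        if len(nt_prefix) < offset_file_chars + size_file_chars:
            print("[-] PE header offset points outside the file; file left unchanged.")
            return False
        # Without this check any file starting with "MZ" would get two bytes
        # overwritten at an offset it chose itself.
        if not nt_prefix.startswith(pe_signature):
            print("[-] No PE signature found; file left unchanged.")
            return False

        (file_characteristics,) = struct.unpack_from("<H", nt_prefix, offset_file_chars)
        file_characteristics |= image_file_dll

        f.seek(pe_offset + offset_file_chars)
        f.write(struct.pack("<H", file_characteristics))

    return True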
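def main():
    """Command-line entry point: patch the PE file named by the single argument.

    Prints a usage line when the argument count is wrong. Exits with status 1
    when set_dll_flag() reports failure, so callers and scripts can tell a
    rejected file from a patched one.
    """
    import sys

    if len(sys.argv) != 2:
        print(f"[-] Usage: {sys.argv[0]} <path to target PE>")
        return

    # Report success only when the flag was actually written; previously
    # "[+] Done" was printed even after a "Not a PE file" rejection.
    if not set_dll_flag(sys.argv[1]):
        sys.exit(1)
    print("[+] Done")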
# Run the command-line interface only when executed as a script, so the
# module can be imported for set_dll_flag() without side effects.
if __name__ == "__main__":
    main()