Exe as DLL

Author: David Zimmer
Date: 10.25.10 - 5:28pm

quick update to my Using_an_exe_as_a_dll article today.

Was analyzing some code that was dumped from a memory injection. No api were used in the target section, and no relocations in that section either. It wouldnt load with loadlibrary (at first anyway) so i went an even simplier route.

Create a VirtualAlloced section at teh desired address, Load the file into the mem buffer, and call directly into it like you would when testing shellcode.

Worked like a charm. Originally i was calling into a point that did need some fixups, still good you just have to manually do them yourself. You could add in a couple api in this manner if you really had to too just makes your loader a bit more to debug. (kinda speaks to how shitty of task you are doing when you do stuff like this huh? :)

int LoadFileAtAddress(char* filename, unsigned int address, unsigned int padding){


	HANDLE h =  (HANDLE)OpenFile(filename, &o , OF_READ);
		printf("Could not open file %s\n", filename);
		return 0;

	int bufsz = GetFileSize(h,NULL);
	if( bufsz == INVALID_FILE_SIZE){
		printf("Could not get filesize\n");
		return 0;

	printf("Allocation Base: %x  Size: %x  Padding: %x  End: %x\n", address,bufsz, padding, address+bufsz+padding);
	bufsz += padding;

	printf("Trying to clear way for alloc...\n");
	int x = address;
	while(x < address+bufsz+padding){
		UnmapViewOfFile( (void*)x );
		FreeLibrary( (HMODULE)x );
		x += 0x1000;

	void* mem = VirtualAlloc((void*)address,bufsz, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);

		printf("Could not obtain desired base address...");
		return 0;

	ReadFile(h, mem, bufsz ,&l,0);
	return (int)mem;

Comments: (0)

Leave Comment:
Email: (not shown)
Message: (Required)
Math Question: 75 + 81 = ? followed by the letter: L 

About Me
More Blogs
Main Site
Posts: (All)
2021 ( 4 )
2020 ( 8 )
2019 ( 12 )
2017 ( 5 )
2016 ( 4 )
2015 ( 6 )
2014 ( 5 )
2013 ( 9 )
2012 ( 13 )
2011 ( 19 )
2010 (11)
     Retro XSS Chat Codes
     Exe as DLL
     Olly Plugins
     Debugging Explorer
     Attach to hidden process
     JS Refactoring
     Asm and Shellcode in CSharp
     Fancy Return Address
     PDF Stream Dumper
     Malcode Call API by Hash
     WinDbg Cheat Sheet
2009 (1)
     GPG Automation