Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Exe to DLL

Loveless
Loveless
in Programming and Coding

Featured Replies

Posted

Hey guys,

I'm looking to transform an EXE into a DLL. Nothing complex, just want the app to run when LoadLibrary executes DLL main. I don't know if it's possible to do this, and I don't know if it's been done. A quick review revealed nothing. However, any insights into this would be much appreciated.

-Loveless

Right off hand, either you could rip whe whole thing and compile to a dll... or write a dll to extract the program to a temp dir or wherever and run it.. Like I said just first thing that comes to my mind.

Doc

  • Author

Thanks Dr. However temp dir doesn't work as I want it to be loaded in memory as a DLL. I doubt I can rip the entire thing either, program in question is 8 megs compiled (did someone say BLOAT ****ING TED?) (no offence teddy)

Edited by Loveless

  • Author

Well, I got the damn thing to load, except it wouldn't load at 00400000 so I had to change imagebase to 10000000. Sadly there are no relocs for the exe so this completely ****ed up the code sections interaction with .data (everything pointing to 00Bxxxxx, should be 10Exxxxx or whatever). I tried to use reloc rebuilder by PE Tools and DLL rebaser by Dr Golova but PETools said there are too many relocs and Golova's tool only works with the import table. Sooooo..... any suggestions? I might code something to go through the damn thing with Hackman dissassembler DLL and rebase all Imm32 to +new_imagebase. But I'm lazy, and I'd rather use existing tools.

-Loveless

Edited by Loveless

Well, I got the damn thing to load

Yeah I played around with a couple exe's have same problem.... 8 megs :banana: anyway out of pure intrest ill keep on ****ing around with it. Good luck man.

Doc

Edited by DrPepUr
Fucking bannana supposed to be a horse taking a dump :-\

Well, I got the damn thing to load, except it wouldn't load at 00400000 so I had to change imagebase to 10000000. Sadly there are no relocs for the exe so this completely ****ed up the code sections interaction with .data (everything pointing to 00Bxxxxx, should be 10Exxxxx or whatever). I tried to use reloc rebuilder by PE Tools and DLL rebaser by Dr Golova but PETools said there are too many relocs and Golova's tool only works with the import table. Sooooo..... any suggestions? I might code something to go through the damn thing with Hackman dissassembler DLL and rebase all Imm32 to +new_imagebase. But I'm lazy, and I'd rather use existing tools.

-Loveless

Is there a reason you don't just leave it at 0x400000 and have the base of the loader at a different location?

Hi Loveless

A long time no see :google:

  • Author

Hi by:70. Same to you :) Sorry, was away on business.

Have you tried Reloz? (not to be confused with Relox)

Never really got it to work but I guess it's worth a try.

Regarding changing from EXE to DLL:

The difference between and EXE and a DLL comes under Characteristics flag

- is Dll flag selected or not.

Also a exe don't have Export Table - I don't know any tools which can add Export Table and not even a tools which can rebuild Export Table :cry:

Anyway I think you don't need Export Table, just change some things at Entry Point.

Cheers,

CodeRipper

  • Author

Hello hello,

What I've done so far:

Changed in PE header characteristics to DLL. Relocs still stripped.

DLL refuses to load because its address space is taken up by windows and there are no relocs so it cant rebase. So, now I break in olly on System Entrypoint, and I unmap the memory windows had taken up, and then load the Library. However, dep gets angry at me. So I turned of DEP. Now am testing. Will post what happened later :)

@Killboy: reloz isn't what I'm looking for, sorry :( Something like PE Tools reloc rebuilder plugin would be nice.

Edited by Loveless

Also a exe don't have Export Table - I don't know any tools which can add Export Table and not even a tools which can rebuild Export Table :cry:
Sorry mate, I don't agree... I have found hundreds of exe files with export table, even I have developed several using it.

No tools performing that task? I have lot of code that performs that. Maybe it could be added to a tool... ;)

Anyway, if you don't build a relocations section, the dll won't be loaded. The system needs that information to load it.

Try this tool to rebuild a relocations section:

http://www.tuts4you.com/download.php?view.419

Good luck

Nacho_dj

  • Author

Thanks Nacho, but ReloX only works if the Exe can load itself into 2 different places and then have me dump it. But how could it load itself in 2 different imagebases if it doesnt have relocs in the first place, eh? :D

-Loveless

"Sorry mate, I don't agree... I have found hundreds of exe files with export table, even I have developed several using it."

I know that some exes have Export Table - I saw such exes (I've forgot to mention this);

while all Dlls always have Export Table.

Cheers

CodeRipper

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.