Loveless Posted April 7, 2009
Hey guys, I'm looking to transform an EXE into a DLL. Nothing complex, just want the app to run when LoadLibrary executes DLL main. I don't know if it's possible to do this, and I don't know if it's been done. A quick review revealed nothing. However, any insights into this would be much appreciated.
-Loveless
DrPepUr Posted April 7, 2009
Right off hand, either you could rip the whole thing and compile to a dll... or write a dll to extract the program to a temp dir or wherever and run it.. Like I said, just the first thing that comes to my mind.
Doc
Loveless Posted April 7, 2009 (Author)
Thanks Dr. However temp dir doesn't work as I want it to be loaded in memory as a DLL. I doubt I can rip the entire thing either, program in question is 8 megs compiled (did someone say BLOAT ****ING TED?) (no offence teddy)
Edited April 7, 2009 by Loveless
Loveless Posted April 7, 2009 (Author)
Well, I got the damn thing to load, except it wouldn't load at 00400000 so I had to change imagebase to 10000000. Sadly there are no relocs for the exe so this completely ****ed up the code section's interaction with .data (everything pointing to 00Bxxxxx, should be 10Exxxxx or whatever). I tried to use reloc rebuilder by PE Tools and DLL rebaser by Dr Golova but PETools said there are too many relocs and Golova's tool only works with the import table. Sooooo..... any suggestions? I might code something to go through the damn thing with Hackman disassembler DLL and rebase all Imm32 to +new_imagebase. But I'm lazy, and I'd rather use existing tools.
-Loveless
Edited April 7, 2009 by Loveless
DrPepUr Posted April 7, 2009
"Well, I got the damn thing to load"
Yeah I played around with a couple exes, have the same problem.... 8 megs, anyway out of pure interest I'll keep on ****ing around with it. Good luck man.
Doc
Edited April 7, 2009 by DrPepUr: Fucking banana supposed to be a horse taking a dump :-\
high6 Posted April 7, 2009
"Well, I got the damn thing to load, except it wouldn't load at 00400000 so I had to change imagebase to 10000000. Sadly there are no relocs for the exe so this completely ****ed up the code section's interaction with .data (everything pointing to 00Bxxxxx, should be 10Exxxxx or whatever). I tried to use reloc rebuilder by PE Tools and DLL rebaser by Dr Golova but PETools said there are too many relocs and Golova's tool only works with the import table. Sooooo..... any suggestions? I might code something to go through the damn thing with Hackman disassembler DLL and rebase all Imm32 to +new_imagebase. But I'm lazy, and I'd rather use existing tools. -Loveless"
Is there a reason you don't just leave it at 0x400000 and have the base of the loader at a different location?
Loveless Posted April 7, 2009 (Author)
Hi by:70. Same to you. Sorry, was away on business.
Killboy Posted April 7, 2009
Have you tried Reloz? (not to be confused with Relox)
Never really got it to work but I guess it's worth a try.
CodeExplorer Posted April 7, 2009
Regarding changing from EXE to DLL: The difference between an EXE and a DLL comes under the Characteristics flag - is the Dll flag selected or not. Also an exe doesn't have an Export Table - I don't know any tools which can add an Export Table, and not even a tool which can rebuild an Export Table. Anyway I think you don't need an Export Table, just change some things at the Entry Point.
Cheers, CodeRipper
Loveless Posted April 8, 2009 (Author)
Hello hello, what I've done so far: changed the PE header characteristics to DLL. Relocs still stripped. DLL refuses to load because its address space is taken up by Windows and there are no relocs so it can't rebase. So, now I break in Olly on System Entrypoint, and I unmap the memory Windows had taken up, and then load the library. However, DEP gets angry at me. So I turned off DEP. Now am testing. Will post what happened later.
@Killboy: reloz isn't what I'm looking for, sorry. Something like PE Tools reloc rebuilder plugin would be nice.
Edited April 8, 2009 by Loveless
Nacho_dj Posted April 8, 2009
"Also an exe doesn't have an Export Table - I don't know any tools which can add an Export Table, and not even a tool which can rebuild an Export Table"
Sorry mate, I don't agree... I have found hundreds of exe files with an export table, I have even developed several using it. No tools performing that task? I have a lot of code that performs that. Maybe it could be added to a tool... Anyway, if you don't build a relocations section, the dll won't be loaded. The system needs that information to load it. Try this tool to rebuild a relocations section: http://www.tuts4you.com/download.php?view.419
Good luck
Nacho_dj
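
As an added example (not code from any poster in this thread), the header fields the posts above keep coming back to can be read with a short Python parser: the IMAGE_FILE_DLL and IMAGE_FILE_RELOCS_STRIPPED bits in Characteristics, ImageBase, and the base relocation directory entry. The names `pe_rebase_info` and `build_sample` are made up for this example, and the sample header is constructed rather than taken from a real file.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_DLL = 0x2000
DIR_BASERELOC = 5  # index of the base relocation table in the data directory

def pe_rebase_info(data: bytes) -> dict:
    """Report the header fields that decide whether the loader can rebase an image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: 32-bit ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic")
    (num_dirs,) = struct.unpack_from("<I", data, opt + count_off)
    reloc_rva = reloc_size = 0
    if num_dirs > DIR_BASERELOC:
        entry = opt + dirs_off + 8 * DIR_BASERELOC
        reloc_rva, reloc_size = struct.unpack_from("<II", data, entry)
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    has_relocs = reloc_rva != 0 and reloc_size != 0
    # Without relocation data the image can only be mapped at its preferred ImageBase.
    return {"is_dll": bool(characteristics & IMAGE_FILE_DLL),
            "relocs_stripped": stripped, "image_base": image_base,
            "has_reloc_dir": has_relocs, "rebasable": has_relocs and not stripped}

def build_sample(characteristics: int, image_base: int, reloc=(0, 0)) -> bytes:
    """Constructed minimal PE32 headers (no sections), enough for the parser above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, *reloc)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # State described in the thread: DLL flag set by hand, relocations still stripped.
    print(pe_rebase_info(build_sample(0x2103, 0x00400000)))
```
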
Loveless Posted April 8, 2009 (Author)
Thanks Nacho, but ReloX only works if the Exe can load itself into 2 different places and then have me dump it. But how could it load itself in 2 different imagebases if it doesn't have relocs in the first place, eh?
-Loveless
CodeExplorer Posted April 8, 2009
"Sorry mate, I don't agree... I have found hundreds of exe files with an export table, I have even developed several using it."
I know that some exes have an Export Table - I saw such exes (I forgot to mention this); while all Dlls always have an Export Table.
Cheers
CodeRipper
by:70 Posted April 9, 2009
Two pieces of information. Want to help you.
ARTeam_PE_Tutorial: http://www.tuts4you.com/download.php?view.235
Iczelion's-Tutorial's: http://www.tuts4you.com/download.php?view.1200
Edited April 20, 2009 by Teddy Rogers