Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Packing .NET PE with an unmanaged PE32 executable.

Stasis
Stasis
in Programming and Coding

Featured Replies

Posted

Anyone knows how BoxedApp does their packing of .NET PE into PE32 executables?

I tried creating process from a PE32 stub exe and then mapping .NET PE into suspended process but it doesn't work - gives ".NET runtime not found error".

It works only when the referenced stub is a .NET PE itself.
/>http://www.security.org.sg/code/loadexe.html

My objective is to hide the existence of a .NET PE exe within a PE32 exe and yet able to run and load the Common runtime langauge (.net environment).

Thanks for any advice.

Good place to start would be to Google for CorBindToRuntimeEx.

  • Author

Sorry, i should rephrase my topic:

executing embedded .NET PE within an unmanaged native PE32 executable.

CorBindToRuntimeEx is deprecated in .net4

I already tried with CLRCreateInstance, pMetaHost->GetRuntime, pClrRuntimeHost->Start() etc to no avail.

I have managed to inject this CLR host into the memory mapped .net process and most of the .NET libraries are loaded but it still gave me a runtime error. ("unable to find a version of the runtime to run this application")

http://msdn.microsof...ng_and_starting

The problem is OS loader bypassing the jmp mscoree.dll and it doesnt intialise CLR itself as a new process. I need to get the native exe to load and execute the embedded .NET exe as a whole.

I have tried:

1. process forking (createprocess .net), IAT fix, relocation, entry pts routing

2. CLR host in native exe

3. Inject CLR host into suspended memory mapped .net process

3. Loadlibrary

4. Com and .Net wrappers ( is not what i needed)

5. DLL or exported functions is not what i needed

6. Netz, upx packers are not the solution

BoxedApp Packer actually does pretty nice job in encasing the .NET exe within a native pe32 exe.

http://www.boxedapp....cker/index.html

I wanted to do exactly what it does. any ideas?

Edited by Stasis

Never tried with .NET exes.

C++

loadEXE from memory.rar

  • Author

Never tried with .NET exes.

C++

Thanks for reply, that was exactly what i tried with. I mentioned it in my first post.

It's not working with .NET PE files.

The problem occurs with the loading of CLR runtime.

What you are trying to do is not simple, It's like creating a Loader for the .NET executables which have a custom way of "being loading" by the Windows Loader in Vista and beyond.

I once did the exact opposite, I mean I created a loader to load native DLLs into a .NET exe from memory, It works and I think modifying the code a little can help you load exe but you should

pray to god this works !

maybe debugging a simple .NET exe packed with a recent version of MoleBox can help you, Molebox has a nice native loader for .NET files.

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.