Jump to content
Tuts 4 You

Packing .NET PE with an unmanaged PE32 executable.


Stasis

Recommended Posts

Posted

Anyone knows how BoxedApp does their packing of .NET PE into PE32 executables?

I tried creating process from a PE32 stub exe and then mapping .NET PE into suspended process but it doesn't work - gives ".NET runtime not found error".

It works only when the referenced stub is a .NET PE itself.
/>http://www.security.org.sg/code/loadexe.html

My objective is to hide the existence of a .NET PE exe within a PE32 exe and yet able to run and load the Common runtime langauge (.net environment).

Thanks for any advice.

Posted

Good place to start would be to Google for CorBindToRuntimeEx.

Posted (edited)

Sorry, i should rephrase my topic:

executing embedded .NET PE within an unmanaged native PE32 executable.

CorBindToRuntimeEx is deprecated in .net4

I already tried with CLRCreateInstance, pMetaHost->GetRuntime, pClrRuntimeHost->Start() etc to no avail.

I have managed to inject this CLR host into the memory mapped .net process and most of the .NET libraries are loaded but it still gave me a runtime error. ("unable to find a version of the runtime to run this application")

http://msdn.microsof...ng_and_starting

The problem is OS loader bypassing the jmp mscoree.dll and it doesnt intialise CLR itself as a new process. I need to get the native exe to load and execute the embedded .NET exe as a whole.

I have tried:

1. process forking (createprocess .net), IAT fix, relocation, entry pts routing

2. CLR host in native exe

3. Inject CLR host into suspended memory mapped .net process

3. Loadlibrary

4. Com and .Net wrappers ( is not what i needed)

5. DLL or exported functions is not what i needed

6. Netz, upx packers are not the solution

BoxedApp Packer actually does pretty nice job in encasing the .NET exe within a native pe32 exe.

http://www.boxedapp....cker/index.html

I wanted to do exactly what it does. any ideas?

Edited by Stasis
Posted

Never tried with .NET exes.

C++

Thanks for reply, that was exactly what i tried with. I mentioned it in my first post.

It's not working with .NET PE files.

The problem occurs with the loading of CLR runtime.

Posted

What you are trying to do is not simple, It's like creating a Loader for the .NET executables which have a custom way of "being loading" by the Windows Loader in Vista and beyond.

I once did the exact opposite, I mean I created a loader to load native DLLs into a .NET exe from memory, It works and I think modifying the code a little can help you load exe but you should

pray to god this works !

maybe debugging a simple .NET exe packed with a recent version of MoleBox can help you, Molebox has a nice native loader for .NET files.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...