Stasis Posted August 8, 2012 Posted August 8, 2012 Anyone knows how BoxedApp does their packing of .NET PE into PE32 executables?I tried creating process from a PE32 stub exe and then mapping .NET PE into suspended process but it doesn't work - gives ".NET runtime not found error". It works only when the referenced stub is a .NET PE itself./>http://www.security.org.sg/code/loadexe.htmlMy objective is to hide the existence of a .NET PE exe within a PE32 exe and yet able to run and load the Common runtime langauge (.net environment).Thanks for any advice.
kao Posted August 8, 2012 Posted August 8, 2012 Good place to start would be to Google for CorBindToRuntimeEx.
Stasis Posted August 8, 2012 Author Posted August 8, 2012 (edited) Sorry, i should rephrase my topic: executing embedded .NET PE within an unmanaged native PE32 executable.CorBindToRuntimeEx is deprecated in .net4I already tried with CLRCreateInstance, pMetaHost->GetRuntime, pClrRuntimeHost->Start() etc to no avail.I have managed to inject this CLR host into the memory mapped .net process and most of the .NET libraries are loaded but it still gave me a runtime error. ("unable to find a version of the runtime to run this application")http://msdn.microsof...ng_and_startingThe problem is OS loader bypassing the jmp mscoree.dll and it doesnt intialise CLR itself as a new process. I need to get the native exe to load and execute the embedded .NET exe as a whole.I have tried:1. process forking (createprocess .net), IAT fix, relocation, entry pts routing2. CLR host in native exe3. Inject CLR host into suspended memory mapped .net process3. Loadlibrary4. Com and .Net wrappers ( is not what i needed)5. DLL or exported functions is not what i needed6. Netz, upx packers are not the solutionBoxedApp Packer actually does pretty nice job in encasing the .NET exe within a native pe32 exe.http://www.boxedapp....cker/index.htmlI wanted to do exactly what it does. any ideas? Edited August 8, 2012 by Stasis
Kurapica Posted August 8, 2012 Posted August 8, 2012 Never tried with .NET exes.C++loadEXE from memory.rar
Stasis Posted August 9, 2012 Author Posted August 9, 2012 Never tried with .NET exes.C++Thanks for reply, that was exactly what i tried with. I mentioned it in my first post.It's not working with .NET PE files. The problem occurs with the loading of CLR runtime.
Kurapica Posted August 10, 2012 Posted August 10, 2012 What you are trying to do is not simple, It's like creating a Loader for the .NET executables which have a custom way of "being loading" by the Windows Loader in Vista and beyond.I once did the exact opposite, I mean I created a loader to load native DLLs into a .NET exe from memory, It works and I think modifying the code a little can help you load exe but you shouldpray to god this works !maybe debugging a simple .NET exe packed with a recent version of MoleBox can help you, Molebox has a nice native loader for .NET files.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now