Jump to content
Tuts 4 You

.NET support to a packer


Recommended Posts



I am wondering how to add .NET support to a native packer? because i tried using RLPack but the packed file failed to run with an error


Unable to find a version of the runtime to run this application


Is there something missed to be fixed before running the file like the Metadata or something.

Link to comment
  • 2 months later...

I would like to know this too.

Ive been searching the net for quite a long time now but no avail.

Currenlty i made a pe loader to load exe in memory.

Do the pe stuff like load import, fix relocation, patch peb etc.

It work on unmanage exe but manage exe like .NET exe produce runtime initalization error like mention above.

If pro's out there knows how to handle this problem, please enlighten us.



Link to comment

@StoneHeart I'm making a .NET packer so that's why it does.

First: make the single executable grab it converted to Base64 (or any other encryption) to insert to the executable. (The executable is another project)

Second: run it the single exe convert it again to Byte() and open it as Assembly (for .NET only).

Third: invoke the main method of the application.


For all executables which aren't .NET you can do the 1º and 2º option but the 3º you replace it to extract the file to any folder and run it but this will show on the Task manager and can be detected easily. But for the .NET apps are on the same executable as the first project we made so all codes are the same.


An example of a packer is ExePack.NET.


I hope I can help you.

Edited by LordCoder
Link to comment
  • 2 weeks later...
  • 10 months later...

Hi again


Sorry for the bump didn't want to start a new thread again


I have read some article it says that i need to hook the Api's CreateFile/CreateFileMapping/MapViewOfFile


This is due to .NET being read file to access the meta data and such.


I tried it manually with ollydbg and redirected the mem allocated by MapViewOfFile to the original .NET exe and it worked on Framework 4 and some exes compiled with 2.0 framework i found on net.


however some exe's like i compiled with C# for Framework 2.0/3.0/3.5 they don't work instead they show an error (Send/don't send)


error comes from KERNELBASE.dll


is there any documentation how to safely pack .NET with a stable way?

Edited by Lostin
Link to comment

Google for CorBindToRuntimeEx - that's a good place to start.


There is no need for this function while .NET is looking for the Framework version from itself.

Every native packer i have used doesn't use this function. Themida/Enigma/Safengine all use hooks to the 3 api's i mentioned earlier.

Link to comment

After i debugged some themida packed apps i found out it redirect the calls to the CreateFile which it prevent it from reading itself and calls CreateFile with "NUL" as File name parameter instead. Is there any reason for that? i don't understand what is "NUL" and why it's needed.

0012F55C 004907C4 /CALL to CreateFileA from WindowsF.004907BE
0012F560 0048E10C |FileName = "NUL"
0012F564 80000000 |Access = GENERIC_READ
0012F568 00000001 |ShareMode = FILE_SHARE_READ
0012F56C 00000000 |pSecurity = NULL
0012F570 00000003 |Mode = OPEN_EXISTING
0012F574 00000000 |Attributes = 0
0012F578 00000000 \hTemplateFile = NULL

Edited by Lostin
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...