4 replies to this topic

[drdoom121]

Hi! I am reading Practical Malware Analysis and want to convert dll to exe the books says that "To modify the PE header, wipe the IMAGE_FILE_DLL (0x2000) flag from the Characteristics field in the IMAGE_FILE_HEADER. While this change won’t run any imported functions, it will run the DLLMain method, and it may cause the malware to crash or terminate unexpectedly. However, as long as your changes cause the malware to execute its malicious payload, and you can collect information for your analysis, the rest doesn’t matter."
my question is HOW do I wipe IMAGE_FILE_DLL?? I tried it opening with P.E explorer could not figure it out. Can someone please point be in right direction!! Thanks

[Afterm4th]

Hi! I am reading Practical Malware Analysis and want to convert dll to exe the books says that "To modify the PE header, wipe the IMAGE_FILE_DLL (0x2000) flag from the Characteristics field in the IMAGE_FILE_HEADER. While this change won’t run any imported functions, it will run the DLLMain method, and it may cause the malware to crash or terminate unexpectedly. However, as long as your changes cause the malware to execute its malicious payload, and you can collect information for your analysis, the rest doesn’t matter."
my question is HOW do I wipe IMAGE_FILE_DLL?? I tried it opening with P.E explorer could not figure it out. Can someone please point be in right direction!! Thanks

this might help http://msdn.microsof...y/ms809762.aspx

[drdoom121]

Thanks for the link, but still can not figure it out how to modify the P.E header of dll so I can execute it.

[tekio]

Not Run DMC... But Run32.exe.

That's the only thing I know. Try google or some Windows development forums. Those guys are hackers, too. Their hats are just a lighter shade of gray than most in here....

[Afterm4th]

this might help

corkami.googlecode.com/files/PE101-v1.pdf