
How to convert dll to exe by modifying P.E


4 replies to this topic

#1 drdoom121

Posted 21 March 2012 - 11:25 AM

Hi! I am reading Practical Malware Analysis and want to convert a DLL to an EXE. The book says that "To modify the PE header, wipe the IMAGE_FILE_DLL (0x2000) flag from the Characteristics field in the IMAGE_FILE_HEADER. While this change won’t run any imported functions, it will run the DLLMain method, and it may cause the malware to crash or terminate unexpectedly. However, as long as your changes cause the malware to execute its malicious payload, and you can collect information for your analysis, the rest doesn’t matter."
My question is: HOW do I wipe IMAGE_FILE_DLL?? I tried opening it with P.E explorer but could not figure it out. Can someone please point me in the right direction!! Thanks

#2 Afterm4th

Posted 21 March 2012 - 12:00 PM

this might help http://msdn.microsof...y/ms809762.aspx

#3 drdoom121

Posted 22 March 2012 - 10:54 AM

Thanks for the link, but I still cannot figure out how to modify the P.E header of the DLL so I can execute it.

#4 tekio

Posted 22 June 2012 - 05:26 PM

Not Run DMC... But Run32.exe. :p

That's the only thing I know. Try Google or some Windows development forums. Those guys are hackers, too. Their hats are just a lighter shade of gray than most in here....

#5 Afterm4th

Posted 24 July 2012 - 04:25 PM

this might help

corkami.googlecode.com/files/PE101-v1.pdf
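
The header edit described in the book passage quoted in the first post, as an added example that is not part of the original thread: it follows `e_lfanew` at offset 0x3C to the `PE\0\0` signature, reads the 16-bit Characteristics field 18 bytes into IMAGE_FILE_HEADER, and clears the 0x2000 bit. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000          # flag named in the quoted book passage
E_LFANEW_OFFSET = 0x3C           # DOS header field holding the PE header offset
CHARACTERISTICS_OFFSET = 4 + 18  # "PE\0\0" signature + 18 bytes into IMAGE_FILE_HEADER


def characteristics_offset(image: bytes) -> int:
    """Return the file offset of IMAGE_FILE_HEADER.Characteristics."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + CHARACTERISTICS_OFFSET


def clear_dll_flag(image: bytes):
    """Return (patched image, old Characteristics, new Characteristics)."""
    off = characteristics_offset(image)
    (old,) = struct.unpack_from("<H", image, off)
    new = old & ~IMAGE_FILE_DLL & 0xFFFF   # wipe only the DLL bit, keep the rest
    patched = bytearray(image)             # work on a copy, never the input buffer
    struct.pack_into("<H", patched, off, new)
    return bytes(patched), old, new


def build_sample_header(characteristics: int) -> bytes:
    """Constructed test input: bare DOS header, PE signature and file header."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x80)
    file_header = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + file_header


if __name__ == "__main__":
    # 0x2102 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL (constructed value)
    sample = build_sample_header(0x2102)
    patched, old, new = clear_dll_flag(sample)
    print(f"Characteristics {old:#06x} -> {new:#06x}")
```

The same two bytes can be changed by hand in a hex editor once the offset is known; only the Characteristics field differs between the input and the patched copy.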



