drdoom121

How to convert dll to exe by modifying P.E

5 posts in this topic

Hi! I am reading Practical Malware Analysis and want to convert a DLL to an EXE. The book says: "To modify the PE header, wipe the IMAGE_FILE_DLL (0x2000) flag from the Characteristics field in the IMAGE_FILE_HEADER. While this change won’t run any imported functions, it will run the DLLMain method, and it may cause the malware to crash or terminate unexpectedly. However, as long as your changes cause the malware to execute its malicious payload, and you can collect information for your analysis, the rest doesn’t matter."

My question is: HOW do I wipe IMAGE_FILE_DLL? I tried opening it with PE Explorer but could not figure it out. Can someone please point me in the right direction? Thanks

this might help http://msdn.microsoft.com/en-us/library/ms809762.aspx


Thanks for the link, but I still cannot figure out how to modify the PE header of the DLL so I can execute it.


Not Run DMC... But Run32.exe. :P

That's the only thing I know. Try Google or some Windows development forums. Those guys are hackers, too. Their hats are just a lighter shade of gray than most in here....


this might help

corkami.googlecode.com/files/PE101-v1.pdf

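The header edit described in the book passage quoted in the first post, written out as an added example (not code from this thread or from the book). It follows the standard PE layout: the 4-byte value at offset 0x3C of the DOS header points to the "PE\0\0" signature, and Characteristics is the last 2-byte field of the 20-byte IMAGE_FILE_HEADER that follows it. The function names and the header-only sample bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000          # Characteristics bit named in the book quote
E_LFANEW_OFFSET = 0x3C           # DOS header field: file offset of "PE\0\0"
CHARACTERISTICS_OFFSET = 4 + 18  # skip the signature, then 18 bytes into IMAGE_FILE_HEADER


def characteristics_offset(image: bytes) -> int:
    """Return the file offset of IMAGE_FILE_HEADER.Characteristics."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    return e_lfanew + CHARACTERISTICS_OFFSET


def clear_dll_flag(image: bytes) -> bytes:
    """Return a copy with IMAGE_FILE_DLL cleared and every other bit unchanged."""
    off = characteristics_offset(image)
    (flags,) = struct.unpack_from("<H", image, off)
    patched = bytearray(image)
    struct.pack_into("<H", patched, off, flags & ~IMAGE_FILE_DLL)
    return bytes(patched)


def build_sample_headers(flags: int) -> bytes:
    """Constructed input: DOS header, PE signature and IMAGE_FILE_HEADER only."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x80)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, flags)
    return bytes(dos) + b"PE\0\0" + file_header


if __name__ == "__main__":
    # 0x2102 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL, a typical 32-bit DLL value
    sample = build_sample_headers(0x2102)
    patched = clear_dll_flag(sample)
    off = characteristics_offset(patched)
    print(hex(off), hex(struct.unpack_from("<H", patched, off)[0]))
```

For a file on disk, read its bytes, pass them to `clear_dll_flag`, and write the result to a new file so the original sample stays unmodified. The same two bytes can be changed by hand in a hex editor at the offset `characteristics_offset` returns.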
