TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
BSD 3-Clause "New" or "Revised" License

Why is the delay loading mechanism not used for delay loaded imports? #76

Open Dewera opened 3 years ago

Dewera commented 3 years ago

When a delay load import is used by a PE, the linker generates the typical stub that calls LoadLibrary/GetProcAddress and writes this value into the IAT when referenced for the first time. Is there a reason why this behavior wasn't left intact and delay loaded imports are forcibly loaded during the mapping process via LoadLibrary, defeating the actual purpose of delay loading imports in the first place?

From my testing earlier in the year, as long as you correctly map the sections and apply relocations, the linker-generated stub works as intended.
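
The delay-import directory that the linker-generated stub consults can be listed from a mapped image without resolving or loading anything, which shows which DLLs a PE would only pull in on first use. This C example is added here and is not code from donut or from the commenter; `delay_desc`, `list_delay_dlls` and `build_sample` are hypothetical names, the 256-byte image is constructed, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field layout of IMAGE_DELAYLOAD_DESCRIPTOR (winnt.h): eight 32-bit values. */
typedef struct {
    uint32_t attrs, dll_name_rva, hmod_rva, iat_rva,
             int_rva, bound_iat_rva, unload_rva, timestamp;
} delay_desc;

/* Bounds-checked NUL-terminated string at an RVA; NULL if it runs off the image. */
static const char *str_at(const uint8_t *img, size_t len, uint32_t rva) {
    if (rva >= len || !memchr(img + rva, 0, len - rva)) return NULL;
    return (const char *)(img + rva);
}

/* Walk the delay-import directory of a mapped image (RVA == offset from base).
   Stores up to max DLL names in out and returns the number of descriptors,
   or -1 if the table is malformed. Assumes a little-endian host. */
int list_delay_dlls(const uint8_t *img, size_t len, uint32_t dir_rva,
                    const char **out, int max) {
    int n = 0;
    for (;; dir_rva += sizeof(delay_desc)) {
        delay_desc d;
        if (dir_rva > len || len - dir_rva < sizeof d) return -1;
        memcpy(&d, img + dir_rva, sizeof d);
        if (d.dll_name_rva == 0) return n;      /* all-zero terminator entry */
        if (!(d.attrs & 1)) return -1;          /* old VA-based format: not handled */
        const char *name = str_at(img, len, d.dll_name_rva);
        if (!name) return -1;
        if (n < max) out[n] = name;
        n++;
    }
}

/* Constructed sample: one descriptor at RVA 0x40, then a zeroed terminator. */
size_t build_sample(uint8_t *img, size_t cap) {
    delay_desc d = { 1, 0x80, 0xA0, 0xB0, 0xC0, 0, 0, 0 };
    if (cap < 0x100) return 0;
    memset(img, 0, 0x100);
    memcpy(img + 0x40, &d, sizeof d);
    memcpy(img + 0x80, "example.dll", 12);
    return 0x100;
}

int main(void) {
    uint8_t img[0x100]; const char *names[4];
    int n = list_delay_dlls(img, build_sample(img, sizeof img), 0x40, names, 4);
    for (int i = 0; i < n && i < 4; i++) printf("delay-loaded: %s\n", names[i]);
    return n < 0;
}
```

In a real PE the directory RVA comes from data directory entry 13 (`IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT`) of the optional header.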