Closed R3uan3 closed 1 year ago
ExtractArray pulls out the code section of a DLL (ignores PE header and all other sections that are not code). For a carefully written DLL, the code section can be run as shellcode by writing it into executable memory and, for example, calling CreateThread on it. The reflective loader used in this project is one such example of a DLL where this works.
This project uses ExtractArray to convert the reflective loader DLL into shellcode, then appends an arbitrary DLL to that shellcode. ExtractArray is not meant to be run on the DLL provided to InjectDLL.exe.
If you want to load a DLL from memory instead of passing it to the command line, you can modify the code here where the DLL is read from a file:
If you want to convert this DLL to a char array, you can copy and modify ExtractArray to write the entire file to an array, and not just the .text section. The loop below could be rewritten to write out all imageSize bytes of the array image:
Is it possible to load the DLL from the char array generated by the ExtractArray instead of loading it from disk?