Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

PE Infection in pure C

3 votes

Started By Nastor , Jan 31 2021 12:15 AM

programming PE infect offset headers

Please log in to reply

1 reply to this topic

#1
Nastor

Posted 31 January 2021 - 12:15 AM

Nastor

Forum Newbie

Probation
1 posts

Reputation: 5

Hello everybody,

I started a few days ago with the intention of creating a PE Infector, but wherever I tried to search I always found pieces of code in asm, particularly the payload would be in asm.

I succesfully managed to map the PE32 Image files structures, but there's one thing I cannot comprehend: since the basic principle of PE infection would be to execute custom code and then jump back to the original Entry Point to fake a regular .exe execution, is it possible to achieve so without injecting asm shellcode but by using only C code?
As I said, I managed to reach the part of the PE32 file which contains all section headers but I fail to understand how to edit existing fields and add a custom payload to the right place in pure C, the payload being another .exe file for example.

Any help would be appreciated, thanks.

RidgeFen, Robertincaf, Miguboactamb and 2 others like this

#2
sk177y

Posted 24 August 2024 - 06:56 PM

sk177y

Forum Newbie

Members
73 posts

Reputation: 21

Gender:Male
Location:TsuChikasNargayTuTuesmuySuda
Interests:lllarc-> lol+=
AloneWithoutYou();
icrosoft, acebook,oneynet;
--;--;--;
Coding:not enclish.
los virus de metamórficas son más elegantes por naturaleza
"si el amor es una ilusión, que la realidad cogida"

Fopen fread (buff,len(exe)); len=len-43; buff=buff+pld; fwrite(exe,buff,strlen(buff);

~Pseudoephedrine deco~
{[€®\®¢®\®€TM\®\TM¢TM\®\TM€TM\®®\®€®€®\TM\®®€TM€®\®\®€TM€TM\®\®\®€®\®^®\®€®TM\®\®\®\®®¢TM¢TM¢TM¢TM€\TMTM€TM¢TM¢TM€TM\®\®•®•®€®©¢¢©©¢©•©•©|©¢©|©•®•®•©•©•|||§∆]}; [&]("\\\\\\\"){};

Back to Programming