Exetools


Mahmoudnia 02-01-2017 11:28

Loader for x64 application ?
 
Hi friends
How do I create a loader for an x64 application?

chessgod101 02-01-2017 12:12

Here is a very simple example in Delphi. It creates a suspended process, gets the image base through the PEB header, and then uses WriteProcessMemory to patch the memory of the application, and then resumes the process. This will only work if you build it as an x64 application. I compiled this with xe7.

Code:

http://pastebin.com/fkCyzu5W
Uses Winapi.Windows.
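
The sequence described in the post above (create the process suspended, write into its memory, resume it) is also the pattern endpoint monitoring correlates on. The following Python is an added example, not part of the thread or any poster's code; the record layout, the pids and the sample trace are constructed, and the sensor is assumed to resolve handles to pids.

```python
# Added example: flag a child process that is written to between a
# suspended launch and its resume. Record layout and sample events are
# constructed for illustration, not taken from a real sensor.
CREATE_SUSPENDED = 0x00000004  # documented CreateProcess creation flag

# (sequence number, calling pid, API name, arguments); the sensor is
# assumed to resolve process/thread handles to the owning pid.
SAMPLE_TRACE = [
    (1, 4100, "CreateProcessW", {"child_pid": 5200, "flags": 0x4, "image": "target.exe"}),
    (2, 4100, "ReadProcessMemory", {"target_pid": 5200, "size": 8}),
    (3, 4100, "WriteProcessMemory", {"target_pid": 5200, "size": 2}),
    (4, 4100, "ResumeThread", {"target_pid": 5200}),
    # Normal launch: never suspended, so nothing to track.
    (5, 4300, "CreateProcessW", {"child_pid": 5300, "flags": 0x0, "image": "notepad.exe"}),
    # Suspended launch with no remote write: not flagged.
    (6, 4400, "CreateProcessW", {"child_pid": 5400, "flags": 0x4, "image": "svc.exe"}),
    (7, 4400, "ResumeThread", {"target_pid": 5400}),
]

def find_patched_launches(trace):
    """Return one finding per child that was written to while suspended."""
    pending = {}   # child pid -> state for children not yet resumed
    findings = []
    for _seq, pid, api, args in sorted(trace, key=lambda r: r[0]):
        if api == "CreateProcessW":
            if args["flags"] & CREATE_SUSPENDED:
                pending[args["child_pid"]] = {
                    "parent": pid, "image": args["image"],
                    "writers": set(), "bytes": 0,
                }
        elif api == "WriteProcessMemory":
            state = pending.get(args["target_pid"])
            if state is not None:          # write landed before resume
                state["writers"].add(pid)
                state["bytes"] += args["size"]
        elif api == "ResumeThread":
            state = pending.pop(args["target_pid"], None)
            if state and state["writers"]:
                findings.append({
                    "child_pid": args["target_pid"], "image": state["image"],
                    "parent": state["parent"],
                    "writers": sorted(state["writers"]),
                    "bytes_written": state["bytes"],
                })
    return findings

if __name__ == "__main__":
    for finding in find_patched_launches(SAMPLE_TRACE):
        print(finding)
```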

gigaman 02-01-2017 14:49

I guess the answer would be "You do it the same way as you would for a 32bit application" (e.g. the way chessgod101 suggested), you just need to compile the loader as a 64bit executable as well.

While it is possible to achieve the same even from a 32bit loader - using undocumented functions like NtWow64WriteVirtualMemory64, it would be an unnecessary hassle.

sendersu 02-01-2017 18:31

Have a look at the asmjit and/or blackbone libs.

mudlord 02-02-2017 14:17

Yes, use Xbyak or AsmJIT to build up the assembler/shellcode/code fragments, and then use Blackbone for the actual work. You could use something like mhook to make hook functions though and use NASM for pure 64bit assembler functions.

Blackbone is quite extensive and should be more than enough for your needs.
It assumes you know C++ though.
Same goes for Xbyak and AsmJit.

