Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   QLoader - Quickly create a non-exe loader for application (https://forum.exetools.com/showthread.php?t=20190)

vic4key 07-02-2022 17:42
QLoader - Quickly create a non-exe loader for application
 
Howdy, friends.

Today, I would like to share with you guys a RE tool named QLoader @ https://github.com/vic4key/QLoader.git

QLoader is a PE loader creator that helps you quickly create a non-exe loader for application.

Features
  • Easy to Create a non-exe Loader to avoid Anti-Virus Detection
  • Easy to Define Patching Patterns under the JSON File Format
  • Easy to Modify Patching Information (Target, Pattern, etc)
  • Support both PE 32-bit & 64-bit
  • Modify direct the created Loader for updating (do not need to Save Project for maintenance)
  • Create Loader as
  • Windows Shortcut .LNK
  • Internet Shortcut .URL
  • HTML Hyperlink qloader: ... (like tel: ..., skype: ..., etc)
  • Patching Methods
  • Fully Loaded
  • At Entry Point
  • Unpacking (TODO Later)
GUI
Screenshot @ https://github.com/vic4key/QLoader/b...enshots/ui.png

Tutorial
Video on Youtube @ https://youtu.be/nzyHh1CzNLM
Note: Remember to turn on sub-title (CC) when watching

More details, screenshots, or single executable (inside the bin folder) can be found in the GitHub repo @ https://github.com/vic4key/QLoader.git

Regards,
Vic P.

vic4key 07-03-2022 20:03
Released v1.1 with "Support to define `offset` field in both decimal and heximal number" @ https://github.com/vic4key/QLoader/releases/tag/v1.1
P.S Please don't use JSON files from version 1.0, let download & use new JSON files from version 1.1. If not, crash will be occurred.

Shub-Nigurrath 07-04-2022 18:36
Really interesting trick. Curious to know the details of the produced files. Thanks !

vic4key 07-04-2022 21:54
Quote:
Originally Posted by Shub-Nigurrath (Post 125523)
Really interesting trick. Curious to know the details of the produced files. Thanks !
Thank you. The detail is very simple:
1. QLoader uses a JSON pattern file to generate a shortcut file (.LNK/.URL) or HTML hyperlink <a> tag (then you can upload the generated shortcut for sharing).
2. Required QLoader installed in machine (Its role is a parser & handler).

bolo2002 07-04-2022 23:19
nice one,just a question about offset,an example with sublime_text patch,they are plenty of 80 38 00 on the trial I've downloaded so,is the offset mean the first sequence found to patch with FE 00 90?
""pattern": "80 38 00","replacement": "FE 00 90","offset": 0

vic4key 07-05-2022 00:14
Quote:
Originally Posted by bolo2002 (Post 125529)
nice one,just a question about offset,an example with sublime_text patch,they are plenty of 80 38 00 on the trial I've downloaded so,is the offset mean the first sequence found to patch with FE 00 90?
""pattern": "80 38 00","replacement": "FE 00 90","offset": 0
The question about the offset field, LCF-AT@tuts4you asked me yesterday.
I refer my answer here, hope this help you. The answer @ https://forum.tuts4you.com/topic/436...comment=212361
P.S For quick, so I refer the link here. Sorry for not answer you directly.

bolo2002 07-07-2022 23:11
Quote:
Originally Posted by vic4key (Post 125530)
The question about the offset field, LCF-AT@tuts4you asked me yesterday.
I refer my answer here, hope this help you. The answer @ https://forum.tuts4you.com/topic/436...comment=212361
P.S For quick, so I refer the link here. Sorry for not answer you directly.
Ok thanks,got it:
"Additionally, for each pattern, it just patches the first match address only. Not all matches. So the pattern should be unique"


All times are GMT +8. The time now is 11:57.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX