Monday, September 29, 2014

A Codeless PE Binary File That Runs!!!

Recently, I came across an article on Alex Ionescu's blog. It's about a PE trick: a PE binary that contains no code.
As per his words:

the challenge is - "Write a portable executable (PE/EXE) file which can be spawned through a standard CreateProcess call and will result in STATUS_SUCCESS being returned as well as a valid Process Handle, but will not
  • Contain any actual x86/x64 assembly code section (i.e.: the whole PE should be read-only, no +X section)
  • Run a single instruction of what could be construed as x86 assembly code, which is part of the file itself (i.e.: random R/O data should not somehow be forced into being executed as machine code)
  • Crash or make any sort of interactive/visible notice to the user, event log entry, or other error condition."

He did it. 


Check the solution here: http://www.alex-ionescu.com/?cat=2


Post by newWorld
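A triage check for the property the challenge names (no +X section), as an added example that is not from the original post or from Alex Ionescu's solution: it parses the PE headers and reports which sections carry the execute flag and which section, if any, contains the entry point. The `build_sample` helper and all header values it writes are constructed sample input.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # "+X" section flag in the PE/COFF format

def pe_exec_summary(data: bytes) -> dict:
    """Report executable sections and the section (if any) holding the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i                        # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size = struct.unpack_from("<III", data, off + 8)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, vaddr, max(vsize, raw_size), bool(flags & IMAGE_SCN_MEM_EXECUTE)))
    return {
        "entry_rva": entry_rva,
        "executable_sections": [n for n, _, _, x in sections if x],
        "entry_section": next((n for n, va, sz, _ in sections if va <= entry_rva < va + sz), None),
        "no_exec_section": not any(x for *_, x in sections),
    }

def build_sample(flags: int, entry_rva: int) -> bytes:
    """Constructed one-section PE32 header used as sample input (not a real file)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    sec = struct.pack("<8sIIIIIIHHI", b".sec", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff + opt + sec

if __name__ == "__main__":
    print(pe_exec_summary(build_sample(0x40000040, 0)))       # read-only data section
    print(pe_exec_summary(build_sample(0x60000020, 0x1000)))  # conventional code section
```

A file for which `no_exec_section` is true and `entry_section` is `None` matches the header shape the challenge asks for and is worth a closer look during static triage.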


3 comments:

Unknown said...

Can you explain how it runs?

newworld said...

Hi steve...

He actually created the PE header, but all the code is zero. But he gives the entry point of one of the loaded DLLs, so it results in a success status and the process gets created.

Thanks,
newWorld

Unknown said...

Got it.
It's interesting.
