Recently, I came across an article on Alex Ionescu's blog. It is about a PE trick: a PE binary that contains no code.
As per his words, the challenge is: "Write a portable executable (PE/EXE) file which can be spawned through a standard CreateProcess call and will result in STATUS_SUCCESS being returned as well as a valid Process Handle, but will not
- Contain any actual x86/x64 assembly code section (i.e.: the whole PE should be read-only, no +X section)
- Run a single instruction of what could be construed as x86 assembly code, which is part of the file itself (i.e.: random R/O data should not somehow be forced into being executed as machine code)
- Crash or make any sort of interactive/visible notice to the user, event log entry, or other error condition."
He did it.
Check the solution here: http://www.alex-ionescu.com/?cat=2
Post by newWorld
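A check a defender can run for the properties the challenge names (no +X section, and an entry point that does not land in the file's own bytes at all, which is how the reply in the comments explains the trick), as an added example that is not from Alex Ionescu's post or from this blog: a small Python parser that reads the DOS, COFF, optional and section headers and reports where AddressOfEntryPoint lands. The `build_minimal_pe32` fixture is constructed here purely to exercise the parser (it has no imports and is not a loadable program); the flag constants are the standard winnt.h values.

```python
import struct

# Section characteristic flags from the PE/COFF spec (winnt.h names).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE image to reason about its entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # AddressOfEntryPoint (an RVA) sits at +16 and SizeOfImage at +56 in both formats.
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize, "chars": chars,
        })
    return {"entry": entry, "size_of_image": size_of_image, "sections": sections}


def classify_entry_point(pe: dict) -> tuple:
    """Say where AddressOfEntryPoint lands: returns (verdict, section name or None)."""
    entry = pe["entry"]
    if entry >= pe["size_of_image"]:
        # The RVA is past the image: at run time that address belongs to whatever
        # else is mapped there, so none of this file's own bytes would execute.
        return ("outside-image", None)
    for s in pe["sections"]:
        end = s["vaddr"] + max(s["vsize"], s["rawsize"])
        if s["vaddr"] <= entry < end:
            if s["chars"] & IMAGE_SCN_MEM_EXECUTE:
                return ("executable-section", s["name"])
            return ("non-executable-section", s["name"])
    return ("no-section", None)  # inside the image but in the headers or a gap


def build_minimal_pe32(entry_point: int, section_chars: int) -> bytes:
    """Constructed test fixture: a PE32 header plus one all-zero section.

    It exists only to exercise the parser; it has no imports and is not a
    loadable program.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # i386, one section, 224-byte optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)    # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)        # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)         # FileAlignment
    struct.pack_into("<I", opt, 56, 0x2000)        # SizeOfImage: headers + one page
    struct.pack_into("<I", opt, 60, 0x200)         # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)             # Subsystem: Windows console
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".rdata", 0x1000, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, section_chars)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + b"\0" * 0x200  # the section's raw bytes: all zero


if __name__ == "__main__":
    code = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    rdata = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    cases = {
        "ordinary exe": build_minimal_pe32(0x1000, code),
        "no +X section": build_minimal_pe32(0x1000, rdata),
        "entry past the image": build_minimal_pe32(0x7FFF0000, rdata),
    }
    for label, blob in cases.items():
        print(label, "->", classify_entry_point(parse_pe(blob)))
```

The interesting verdicts for this post are the last two: an image whose only section is read-only data, and an image whose entry RVA is larger than SizeOfImage, so the loader's first jump cannot land on any byte that came from the file. Either one is worth flagging in triage, since a normal executable has its entry point inside a section that carries IMAGE_SCN_MEM_EXECUTE.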
3 comments:
Can you explain how it runs?
Hi Steve...
He actually created the PE header, but all the code is zero. But he gives the entry point of one of the loaded DLLs, so it results in status success and the process gets created.
Thanks,
newWorld
Got it.
It's interesting.