Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-02-2022, 17:42
vic4key vic4key is offline
Family
 
Join Date: Apr 2010
Posts: 57
Rept. Given: 5
Rept. Rcvd 24 Times in 10 Posts
Thanks Given: 60
Thanks Rcvd at 94 Times in 21 Posts
vic4key Reputation: 24
QLoader - Quickly create a non-exe loader for application

Howdy, friends.

Today, I would like to share with you guys a RE tool named QLoader @ https://github.com/vic4key/QLoader.git

QLoader is a PE loader creator that helps you quickly create a non-exe loader for application.

Features
  • Easy to Create a non-exe Loader to avoid Anti-Virus Detection
  • Easy to Define Patching Patterns under the JSON File Format
  • Easy to Modify Patching Information (Target, Pattern, etc)
  • Support both PE 32-bit & 64-bit
  • Modify direct the created Loader for updating (do not need to Save Project for maintenance)
  • Create Loader as
  • Windows Shortcut .LNK
  • Internet Shortcut .URL
  • HTML Hyperlink qloader: ... (like tel: ..., skype: ..., etc)
  • Patching Methods
  • Fully Loaded
  • At Entry Point
  • Unpacking (TODO Later)
GUI
Screenshot @ https://github.com/vic4key/QLoader/b...enshots/ui.png

Tutorial
Video on Youtube @ https://youtu.be/nzyHh1CzNLM
Note: Remember to turn on sub-title (CC) when watching

More details, screenshots, or single executable (inside the bin folder) can be found in the GitHub repo @ https://github.com/vic4key/QLoader.git

Regards,
Vic P.

Last edited by vic4key; 07-02-2022 at 17:57.
Reply With Quote
The Following 3 Users Gave Reputation+1 to vic4key For This Useful Post:
MarcElBichon (07-02-2022), niculaita (07-02-2022), Shub-Nigurrath (07-03-2022)
The Following 11 Users Say Thank You to vic4key For This Useful Post:
besoeso (07-02-2022), bolo2002 (07-04-2022), Doit (07-11-2022), Mahmoudnia (07-03-2022), New Tiger (07-05-2022), niculaita (07-02-2022), NoneForce (07-03-2022), SinaDiR (07-04-2022), TeRcO (09-30-2022), wilson bibe (07-03-2022), Zeokat (07-03-2022)
  #2  
Old 07-03-2022, 20:03
vic4key vic4key is offline
Family
 
Join Date: Apr 2010
Posts: 57
Rept. Given: 5
Rept. Rcvd 24 Times in 10 Posts
Thanks Given: 60
Thanks Rcvd at 94 Times in 21 Posts
vic4key Reputation: 24
Released v1.1 with "Support to define `offset` field in both decimal and heximal number" @ https://github.com/vic4key/QLoader/releases/tag/v1.1
P.S Please don't use JSON files from version 1.0, let download & use new JSON files from version 1.1. If not, crash will be occurred.

Last edited by vic4key; 07-04-2022 at 09:45.
Reply With Quote
The Following 4 Users Say Thank You to vic4key For This Useful Post:
MarcElBichon (07-03-2022), nikkapedd (07-04-2022), wilson bibe (07-04-2022), Zeokat (07-03-2022)
  #3  
Old 07-04-2022, 18:36
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 919
Rept. Given: 60
Rept. Rcvd 419 Times in 94 Posts
Thanks Given: 68
Thanks Rcvd at 328 Times in 100 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
Really interesting trick. Curious to know the details of the produced files. Thanks !
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #4  
Old 07-04-2022, 21:54
vic4key vic4key is offline
Family
 
Join Date: Apr 2010
Posts: 57
Rept. Given: 5
Rept. Rcvd 24 Times in 10 Posts
Thanks Given: 60
Thanks Rcvd at 94 Times in 21 Posts
vic4key Reputation: 24
Quote:
Originally Posted by Shub-Nigurrath View Post
Really interesting trick. Curious to know the details of the produced files. Thanks !
Thank you. The detail is very simple:
1. QLoader uses a JSON pattern file to generate a shortcut file (.LNK/.URL) or HTML hyperlink <a> tag (then you can upload the generated shortcut for sharing).
2. Required QLoader installed in machine (Its role is a parser & handler).
Reply With Quote
  #5  
Old 07-04-2022, 23:19
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 614
Rept. Given: 111
Rept. Rcvd 14 Times in 13 Posts
Thanks Given: 217
Thanks Rcvd at 238 Times in 152 Posts
bolo2002 Reputation: 14
nice one,just a question about offset,an example with sublime_text patch,they are plenty of 80 38 00 on the trial I've downloaded so,is the offset mean the first sequence found to patch with FE 00 90?
""pattern": "80 38 00","replacement": "FE 00 90","offset": 0
__________________
I like this forum!
Reply With Quote
  #6  
Old 07-05-2022, 00:14
vic4key vic4key is offline
Family
 
Join Date: Apr 2010
Posts: 57
Rept. Given: 5
Rept. Rcvd 24 Times in 10 Posts
Thanks Given: 60
Thanks Rcvd at 94 Times in 21 Posts
vic4key Reputation: 24
Quote:
Originally Posted by bolo2002 View Post
nice one,just a question about offset,an example with sublime_text patch,they are plenty of 80 38 00 on the trial I've downloaded so,is the offset mean the first sequence found to patch with FE 00 90?
""pattern": "80 38 00","replacement": "FE 00 90","offset": 0
The question about the offset field, LCF-AT@tuts4you asked me yesterday.
I refer my answer here, hope this help you. The answer @ https://forum.tuts4you.com/topic/436...comment=212361
P.S For quick, so I refer the link here. Sorry for not answer you directly.
Reply With Quote
  #7  
Old 07-07-2022, 23:11
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 614
Rept. Given: 111
Rept. Rcvd 14 Times in 13 Posts
Thanks Given: 217
Thanks Rcvd at 238 Times in 152 Posts
bolo2002 Reputation: 14
Quote:
Originally Posted by vic4key View Post
The question about the offset field, LCF-AT@tuts4you asked me yesterday.
I refer my answer here, hope this help you. The answer @ https://forum.tuts4you.com/topic/436...comment=212361
P.S For quick, so I refer the link here. Sorry for not answer you directly.
Ok thanks,got it:
"Additionally, for each pattern, it just patches the first match address only. Not all matches. So the pattern should be unique"
__________________
I like this forum!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 16:39.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )