#1
Loader for x64 application?
Hi friends
How do I create a loader for an x64 application?
#2
Here is a very simple example in Delphi. It creates a suspended process, gets the image base through the PEB header, and then uses WriteProcessMemory to patch the memory of the application, and then resumes the process. This will only work if you build it as an x64 application. I compiled this with xe7.
Code:
http://pastebin.com/fkCyzu5W
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
#3
I guess the answer would be "You do it the same way as you would for a 32bit application" (e.g. the way chessgod101 suggested), you just need to compile the loader as a 64bit executable as well.
While it is possible to achieve the same even from a 32bit loader - using undocumented functions like NtWow64WriteVirtualMemory64, it would be an unnecessary hassle.
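Posts #2 and #3 rest on two PE header facts: the optional-header magic says whether the target is PE32 or PE32+ (and so which bitness the loader must be built for), and the preferred image base stored in the file is not necessarily where an ASLR-enabled image is mapped, which is why the run-time value is read from the PEB. The C sketch below is an added example, not part of the thread or the linked pastebin code; `pe_inspect`, `pe_info` and `make_sample` are hypothetical names and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE header fields are little-endian regardless of the host. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

typedef struct { int bits; uint64_t preferred_base; int aslr; } pe_info;

/* Returns 0 on success, -1 if buf is not a well-formed PE32/PE32+ header. */
int pe_inspect(const uint8_t *buf, size_t len, pe_info *out) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;      /* "MZ" */
    uint32_t nt = rd32(buf + 0x3C);                        /* e_lfanew */
    if (nt > len || len - nt < 24 + 72) return -1;         /* sig + file hdr + 72 bytes of optional hdr */
    if (rd32(buf + nt) != 0x00004550) return -1;           /* "PE\0\0" */
    const uint8_t *opt = buf + nt + 24;                    /* optional header */
    uint16_t magic = rd16(opt);
    if (magic == 0x20B)      { out->bits = 64; out->preferred_base = rd64(opt + 24); }
    else if (magic == 0x10B) { out->bits = 32; out->preferred_base = rd32(opt + 28); }
    else return -1;
    /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: the loader may relocate the image. */
    out->aslr = (rd16(opt + 70) & 0x0040) != 0;
    return 0;
}

/* Constructed sample: header bytes only, not a runnable image. */
size_t make_sample(uint8_t *buf, int bits) {
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x40;          /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *opt = buf + 0x40 + 24;
    opt[0] = 0x0B; opt[1] = (bits == 64) ? 0x02 : 0x01;    /* 0x20B or 0x10B */
    if (bits == 64) { opt[27] = 0x40; opt[28] = 0x01; opt[70] = 0x40; } /* base 0x140000000, ASLR on */
    else            { opt[30] = 0x40; }                    /* base 0x00400000, ASLR off */
    return 0x100;
}

int main(void) {
    uint8_t buf[0x100]; pe_info info;
    for (int bits = 32; bits <= 64; bits += 32) {
        size_t n = make_sample(buf, bits);
        if (pe_inspect(buf, n, &info) == 0)
            printf("PE%s preferred base 0x%llx, DYNAMIC_BASE=%d\n", info.bits == 64 ? "32+" : "32",
                   (unsigned long long)info.preferred_base, info.aslr);
    }
    return 0;
}
```

When `aslr` is set, `preferred_base` is only the linker's default and any address derived from it has to be rebased against the value the process actually reports at run time.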
#4
Have a look at the AsmJit and/or Blackbone libs.
#5
Yes, use Xbyak or AsmJIT to build up the assembler/shellcode/code fragments, and then use Blackbone for the actual work. You could use something like mhook to make hook functions though and use NASM for pure 64bit assembler functions.
Blackbone is quite extensive and should be more than enough for your needs. It assumes you know C++ though. Same goes for Xbyak and AsmJit.