[Source] Manual DLL Mapper

[Cyrex']

I'm just gonna leave this here. It's fully undetected by x1gnc0de.

However I (you) still need to update the source/binary tomorrow:

Quote:

- add erase header functionality
- execute image's entry point
- add iat entry resolve by ordinal
- anti memory-leak (RAII mechanism for handles 'n stuff)
- add loadlibrary emulation

Note: If you are trying to update the source yourself, a few tips:

• Either zero-out the header after iat resolving or wait for the thread to complete by using WaitForSingleObject and then externally zero it out.
• To execute the dll's entry point grab entry point offset from nt header and utilize this type definition:
  
  Code:

  using tDllMain = BOOL( __stdcall* )( HMODULE hinstDLL, DWORD dwReason, LPVOID lpReserved );

• IAT entry resolve by ordinal: Use GetProcAddress or parse export ordinal table.
• 
• recall your manual mapping code for every IMAGE_IMPORT_DESCRIPTOR entry.
  (I don't know an iterative approach since you don't know how many dependencies the current dependency needs to load into the target process)

[gοd]

Good job, I kinda like your coding-style tbh.

[dodakar39]

what is this?

[TheMokkо]

better coding release than any other else i've seen here o:
Nice, even understandable for me

[0x80004005]

Thanks for sharing

[xxflay200]

Nicee job bro

[Decrypted]

Reported(move request).
No reason to be in the s4 section. Post it in code section.

[Cyrex']

Quote:

Originally Posted by Decrypted

Reported(move request).
No reason to be in the s4 section. Post it in code section.

Quote:

Zitat von S.A.L.O.M.O.N.
Posts, die nur "#reported/#closerequest" etc. enthalten, ohne zum Thema beizutragen, werden als Spam angesehen und entsprechend geahndet

()

gj.