https://github.com/deeprobin/erase-pe-header

Erases windows portable x86-executable headers from memory
https://github.com/deeprobin/erase-pe-header

memory-leak pe-x86 portable-executable windows-executable

Last synced: 2 months ago
JSON representation

Erases windows portable x86-executable headers from memory

Host: GitHub
URL: https://github.com/deeprobin/erase-pe-header
Owner: deeprobin
Created: 2020-01-24T17:48:52.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2020-01-24T17:51:47.000Z (over 5 years ago)
Last Synced: 2024-10-31T12:13:07.213Z (11 months ago)
Topics: memory-leak, pe-x86, portable-executable, windows-executable
Language: Rust
Size: 1.95 KB
Stars: 3
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

          # erase-pe-header

This crate overwrites the PE header in memory with nulls. This can trick some antivirus & analysis software and it could be useful in malware creation. 

This crate was not created with malicious intent but for educational purposes. 

(Only works on windows)

This crate was adapted from [C++ Source](https://github.com/LordNoteworthy/al-khaser/blob/8ff90a3979face6e29aacb12521b032f2b379073/al-khaser/AntiDump/ErasePEHeaderFromMemory.cpp#L8-L22 "Repository LordNoteworthy/al-khasar").

## Example

```rust

fn main() {

    if cfg!(target_os = "windows") {

        unsafe { erase_pe_header::erase_pe_header() };

    }

    println!("Hello world");

}

```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/deeprobin/erase-pe-header

Awesome Lists containing this project

README