Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nettitude/RunPE

C# Reflective loader for unmanaged binaries.
https://github.com/nettitude/RunPE

Last synced: 3 months ago
JSON representation

C# Reflective loader for unmanaged binaries.

Host: GitHub
URL: https://github.com/nettitude/RunPE
Owner: nettitude
License: bsd-3-clause
Created: 2021-06-25T10:39:12.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2023-01-25T19:16:18.000Z (almost 2 years ago)
Last Synced: 2024-05-08T01:30:52.803Z (6 months ago)
Language: C#
Homepage:
Size: 26.4 KB
Stars: 397
Watchers: 10
Forks: 62
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - nettitude/RunPE - C# Reflective loader for unmanaged binaries. (C# #)

README

        # RunPE

C# reflective loader for unmanaged binaries.

## Usage

```

Usage: RunPE.exe  

        e.g. RunPE.exe C:\Windows\System32\net.exe localgroup administrators

Alternative usage: RunPE.exe ---f  ---b  ---a 

        e.g: RunPE.exe ---f C:\Windows\System32\svchost.exe ---b  ---a 

```

## Build configuration options

Edit the compilation symbols to quickly adjust the program flow:

(Right click the project in Visual Studio -> Properties -> Build -> Conditional Compilation Symbols)

* DEBUG (automatically added in Debug release mode) -> Very verbose logging

* BREAK_TO_ATTACH -> Print "Press Enter to continue..." and await input so can attach debugger

## PE Compilation Limitations

Executables launched by RunPE must be statically linked in order for StdOut and 

StdErr redirection to work correctly. To change this setting in Visual Studio:

* Open the project's properties

* Navigate to `Configuration Properties` -> `C/C++` -> `Code Generation`

* Change the value of `Runtime Library` to either `Multi-threaded (/MT)`

  or `Multi-threaded Debug (/MTd)`

* Recompile the project

## Argument Limitiations

Executables that do not use the Window's API [CommandLineToArgvW](https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-commandlinetoargvw) in order to parse arguments will not be passed appropriately through RunPE.

When running PE's that the operator has control over compilation, it is suggested to add support for parsing arguments using this API.

For example, the following code will work when the program is run independently, but will fail when passed to RunPE since `"foo"` has been shifted to `argv[2]`:

```c

if (argv[1] == "foo") {

    bar();

}

```

Example for refactoring `argv` to `CommandLineArgvW`:

```c

#include 

#include 

int main(int argc, char* argv[]) {

	int nArgs;

	LPWSTR *szArglist;

	

	szArglist = CommandLineToArgvW(GetCommandLineW(), &nArgs);

	for (int i = 0; i < nArgs; i++) {

		printf("argv[%d]: %ws\n", i, szArglist[i]);

	}

	return 0;

}

```