However, in most cases the DOS part only prints some error message saying that the program cannot be started under MS-DOS. If you start the "PE" executable under MS-DOS (or any compatible operating system), DOS will ignore the 32- or 64-bit part and execute the MS-DOS EXE file at the start of the "PE" executable file. A few programs are written in a way that the DOS EXE file at the start of the PE file is doing the same as the Windows part, so you can use the same EXE file both under DOS and Windows. (Type2) A "PE" executable consists of some MS-DOS EXE file followed by a 32- or 64-bit part. Why does it not work if I want to push a (Type1) program into the memory with the (Type2) RunPe-InMemory executable which I made from the Github repository? What is the difference between "This program must be run under Win32" (Type1) and "This program cannot be run in DOS mode." (Type2)? I also looked up those two terms, but I only get threads about people who try to run these Windows PEs in DOSBox or similar things. "must be run under Win32" = "cannot be run in DOS mode." in my opinion. But if there are only these two types, why is there a difference? "This program must be run under Win32" for the trojan executable. Furthermore the two binaries differ in the first chars: MZ and MZP. After opening up more binaries and testing them, I came to the conclusion that the ones with "This program must be run under Win32" do not work. As far as I know and also googled, there are DOS and Windows executables. "This program cannot be run in DOS mode." for the compiled runPE loader. A thing that seemed strange to me were the two lines. I can find "PE L" in both binaries, so as far as I know it is both 32-bit. My first intention then was to open the EXE in a text editor and look if it is even the same architecture. In Darkcomet there is also an option for making the malicious server file noticeable, so it is safe that I did not fail at any port-forwarding stuff.
I thought because Darkcomet is coded in Delphi (which outputs a native?), it would work like any other EXE file (like the ones provided at Github), but it just does not start. I tried it with several, e.g. Darkcomet or Darktrack (it needs to be something old that is already well known to demonstrate how you could reuse them). I found a really good source at Github:, which works perfectly for my uses (I already changed it for my purposes etc.), except for the trojan I want to run. However, the question concerns something else. It is only for educational purposes, specifically for a school project (will be part of my graduation). Because it is highly likely that someone will ask later: Yes, it will be used for malicious software in order to hide it from AV. I am currently trying to get an executable running in memory.