Nim-RunPE , is a Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory – which I ported to Nim.
You’ll need to install the following dependencies:
nimble install ptr_math winim
I did test this with Nim Version 1.6.2 only, so use that version for testing or I cannot guarantee no errors when using another version.
If you want to pass arguments on runtime or don’t want to pass arguments at all compile via:
nim c NimRunPE.nim
If you want to hardcode custom arguments modify const exeArgs to your needs and compile with:
nim c -d:args NimRunPE.nim – this was contributed by @glynx, thanks
The technique itself it pretty old, but I didn’t find a Nim implementation yet. So this has changed now. 🙂
If you plan to load e.g. Mimikatz with this technique – make sure to compile a version from source on your own, as the release binaries don’t accept arguments after being loaded reflectively by this loader. Why? I really don’t know it’s strange but a fact. If you compile on your own it will still work:
My private Packer is also weaponized with this technique – but all Win32 functions are replaced with Syscalls there. That makes the technique stealthier.
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…