Nim-RunPE , is a Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory – which I ported to Nim.
You’ll need to install the following dependencies:
nimble install ptr_math winim
I did test this with Nim Version 1.6.2 only, so use that version for testing or I cannot guarantee no errors when using another version.
If you want to pass arguments on runtime or don’t want to pass arguments at all compile via:
nim c NimRunPE.nim
If you want to hardcode custom arguments modify const exeArgs
to your needs and compile with:
nim c -d:args NimRunPE.nim
– this was contributed by @glynx, thanks
The technique itself it pretty old, but I didn’t find a Nim implementation yet. So this has changed now. 🙂
If you plan to load e.g. Mimikatz with this technique – make sure to compile a version from source on your own, as the release binaries don’t accept arguments after being loaded reflectively by this loader. Why? I really don’t know it’s strange but a fact. If you compile on your own it will still work:
My private Packer is also weaponized with this technique – but all Win32 functions are replaced with Syscalls there. That makes the technique stealthier.
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…