Sunday, September 11, 2022

RunPE - A Nim Implementation Of Reflective PE-Loading From Memory




A Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory, which I ported to Nim.

You need to install the following dependencies:

nimble install ptr_math winim

I tested this with Nim version 1.6.2 only, so use that version for testing, or I cannot guarantee no errors when using another version.

Compile

If you want to pass arguments at runtime or don't want to pass arguments at all, compile via:

nim c NimRunPE.nim

If you want to hardcode custom arguments, modify const exeArgs to your needs and compile with:

nim c -d:args NimRunPE.nim – this was contributed by @glynx, thanks!

😎

More Information

The technique itself is pretty old, but I didn't find a Nim implementation yet. So this has changed now. 🙂

If you plan to load e.g. Mimikatz with this technique, make sure to compile a version from source yourself, as the release binaries don't accept arguments after being loaded reflectively by this loader. Why? I really don't know; it's strange but a fact. If you compile it yourself, it will still work:

 

My private packer can be weaponized with this technique, but all Win32 functions are replaced with syscalls there. That makes the technique stealthier.


