dll-merger
Merging DLLs with a PE32 EXE without LoadLibrary.
Building the project
git clone https://github.com/ytk2128/dll-merger.git --recurse-submodules
- Open src/merger.sln
- Build Solution
Principle of merging
dll-merger merges DLLs with one PE32 EXE and injects loader code into that EXE. When the EXE runs, the injected loader loads the DLLs manually, without LoadLibrary, so the loaded DLLs are invisible in the PEB.
Demonstration
- Execute merger.exe procexp.exe MyDLL.dll
- procexp.exe_out.exe is created
- MyDLL.dll is loaded in procexp.exe_out.exe when procexp.exe_out.exe is executed, but it's invisible.
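A defender's view of the same effect, as an added example that is not part of the dll-merger project: a module that is missing from the PEB list can still be found by cross-checking committed memory against that list. The sketch assumes the module list and the memory regions were already collected (for instance from the PEB loader list and VirtualQueryEx) and that the manually loaded DLL keeps its PE header in memory; `Module`, `Region`, `find_unlisted_images` and all addresses are constructed for illustration.

```python
from typing import NamedTuple

EXECUTABLE = {0x10, 0x20, 0x40, 0x80}  # PAGE_EXECUTE* protection constants

class Module(NamedTuple):   # one entry of the PEB loader list
    name: str
    base: int
    size: int

class Region(NamedTuple):   # one committed region (what VirtualQueryEx reports)
    base: int
    size: int
    protect: int
    head: bytes             # first bytes read from the region

def has_pe_header(head: bytes) -> bool:
    """DOS 'MZ' magic whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(head[0x3C:0x40], "little")
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_unlisted_images(modules, regions):
    """Return (base, reason) for memory that looks like an image but is not listed."""
    bases = {m.base for m in modules}
    findings = []
    for r in regions:
        inside = any(m.base <= r.base < m.base + m.size for m in modules)
        if has_pe_header(r.head) and r.base not in bases:
            findings.append((r.base, "PE header not at a listed module base"))
        elif (r.protect & 0xFF) in EXECUTABLE and not inside:
            findings.append((r.base, "executable memory outside listed modules"))
    return findings

def fake_pe_head() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x80, 'PE\\0\\0' at 0x80."""
    return b"MZ" + bytes(0x3A) + (0x80).to_bytes(4, "little") + bytes(0x40) + b"PE\0\0"

# Constructed snapshot of the demonstration process, not captured from a real run.
MODULES = [Module("procexp.exe_out.exe", 0x00400000, 0x200000),
           Module("ntdll.dll", 0x77000000, 0x180000)]
REGIONS = [Region(0x00400000, 0x1000, 0x02, fake_pe_head()),
           Region(0x00401000, 0x100000, 0x20, b"\x55\x8b\xec"),
           Region(0x77000000, 0x1000, 0x02, fake_pe_head()),
           Region(0x02350000, 0x10000, 0x04, bytes(16)),
           Region(0x10000000, 0x1000, 0x04, fake_pe_head()),   # unlisted image header
           Region(0x10001000, 0x8000, 0x20, b"\x55\x8b\xec")]  # unlisted code

if __name__ == "__main__":
    for base, reason in find_unlisted_images(MODULES, REGIONS):
        print(f"{base:#010x}  {reason}")
```

Executable memory outside listed modules also occurs legitimately in processes that generate code at run time (JIT compilers), so findings of that kind need triage before they are treated as a hidden module.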