l00sy4 / ClementineLdr

Reflective loader written in Rust


Clementine

Clementine is a fresh take on reflective loading

Description

The loader first tries to reserve memory for the PE at its preferred image base, so that relocation can be skipped entirely. It then allocates each section and applies base relocations only if the preferred base could not be obtained. The DOS and NT headers are not copied, since keeping them in private memory serves no purpose and only gives memory scanners an easy marker to find. Finally it resolves imports and finishes by calling the user-defined entry function.
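The relocation step described above, as an added example that is not ClementineLdr's own code: it walks a PE `.reloc` directory over an image whose sections are already mapped at their RVAs and adds `delta = actual_base - preferred_base` to every `IMAGE_REL_BASED_DIR64` entry. The sample image, its pointers and its relocation block are constructed inline (not taken from any real binary); the constants follow the PE specification.

```rust
// Added example (not ClementineLdr's code): applying PE base relocations.
use std::convert::TryInto;

const IMAGE_REL_BASED_ABSOLUTE: u16 = 0; // padding entry, skipped
const IMAGE_REL_BASED_DIR64: u16 = 10;   // 64-bit absolute pointer

/// `image` holds the sections mapped so that RVA == offset into the buffer.
/// Walks the relocation directory at `reloc_rva`/`reloc_size` and patches each
/// DIR64 target by `delta`. Returns the number of entries patched.
fn apply_relocations(image: &mut [u8], reloc_rva: usize, reloc_size: usize, delta: i64) -> Result<usize, String> {
    let end = reloc_rva.checked_add(reloc_size).ok_or_else(|| "reloc directory overflows".to_string())?;
    if end > image.len() {
        return Err("reloc directory outside image".to_string());
    }
    let mut pos = reloc_rva;
    let mut patched = 0;
    // Each block: u32 page RVA, u32 block size (including this 8-byte header), then u16 entries.
    while pos + 8 <= end {
        let page_rva = u32::from_le_bytes(image[pos..pos + 4].try_into().unwrap()) as usize;
        let block_size = u32::from_le_bytes(image[pos + 4..pos + 8].try_into().unwrap()) as usize;
        if block_size < 8 || pos + block_size > end {
            return Err(format!("bad relocation block size {} at {:#x}", block_size, pos));
        }
        for i in 0..(block_size - 8) / 2 {
            let at = pos + 8 + 2 * i;
            let entry = u16::from_le_bytes(image[at..at + 2].try_into().unwrap());
            let kind = entry >> 12;           // high 4 bits: relocation type
            let offset = (entry & 0xfff) as usize; // low 12 bits: offset within the page
            match kind {
                IMAGE_REL_BASED_ABSOLUTE => {}
                IMAGE_REL_BASED_DIR64 => {
                    let target = page_rva + offset;
                    if target + 8 > image.len() {
                        return Err(format!("relocation target {:#x} outside image", target));
                    }
                    let old = u64::from_le_bytes(image[target..target + 8].try_into().unwrap());
                    let new = (old as i64).wrapping_add(delta) as u64;
                    image[target..target + 8].copy_from_slice(&new.to_le_bytes());
                    patched += 1;
                }
                other => return Err(format!("unsupported relocation type {}", other)),
            }
        }
        pos += block_size;
    }
    Ok(patched)
}

fn read_u64(image: &[u8], rva: usize) -> u64 {
    u64::from_le_bytes(image[rva..rva + 8].try_into().unwrap())
}

/// Constructed sample: a 0x2000-byte image with two absolute pointers at RVA 0x1000
/// and 0x1010 that embed `preferred_base`, plus one .reloc block at RVA 0x1800 with
/// two DIR64 entries and two ABSOLUTE padding entries (block size 16, DWORD aligned).
fn build_sample_image(preferred_base: u64) -> (Vec<u8>, usize, usize) {
    let mut image = vec![0u8; 0x2000];
    image[0x1000..0x1008].copy_from_slice(&(preferred_base + 0x1234).to_le_bytes());
    image[0x1010..0x1018].copy_from_slice(&(preferred_base + 0x1500).to_le_bytes());
    let reloc_rva = 0x1800;
    let mut block = Vec::new();
    block.extend_from_slice(&0x1000u32.to_le_bytes());
    block.extend_from_slice(&16u32.to_le_bytes());
    block.extend_from_slice(&((IMAGE_REL_BASED_DIR64 << 12) | 0x000).to_le_bytes());
    block.extend_from_slice(&((IMAGE_REL_BASED_DIR64 << 12) | 0x010).to_le_bytes());
    block.extend_from_slice(&(IMAGE_REL_BASED_ABSOLUTE << 12).to_le_bytes());
    block.extend_from_slice(&(IMAGE_REL_BASED_ABSOLUTE << 12).to_le_bytes());
    let size = block.len();
    image[reloc_rva..reloc_rva + size].copy_from_slice(&block);
    (image, reloc_rva, size)
}

fn main() {
    let preferred = 0x1_4000_0000u64;      // typical x64 preferred ImageBase
    let actual = 0x7ff6_1000_0000u64;      // where the allocation actually landed
    let (mut image, rva, size) = build_sample_image(preferred);
    let delta = actual.wrapping_sub(preferred) as i64;
    let n = apply_relocations(&mut image, rva, size, delta).expect("relocation failed");
    println!("patched {} entries, first pointer is now {:#x}", n, read_u64(&image, 0x1000));
}
```

When the reservation at the preferred base succeeds the delta is zero and the whole walk can be skipped, which is exactly why the loader tries that address first. The bounds checks matter in a loader: a malformed relocation block in an attacker-supplied payload would otherwise write outside the mapped image.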

The injector is planned to be simple, as its purpose is to show off the loader itself.

The helper component contains the code used to calculate the hashes of the function names the loader resolves.

Features

  • API hashing without walking the PEB. Since the injector is backed by a file on disk, it can safely call LoadLibrary itself and pass the resulting address to the loader, which then resolves the exports it needs by hash instead of by name.

  • !WILL BE CHANGED! Call stacks from LoadLibrary, NtAllocateVirtualMemory and NtProtectVirtualMemory that lead back into unbacked RX memory are a common detection signal, so Clementine issues these calls through TpAllocWork as thread-pool callbacks, as described in the second reference.

  • Registers the PE's exception handlers and runs its TLS callbacks, if any are present.
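The hashing scheme used by the helper component and by the "API hashing" feature above, as an added example that is not ClementineLdr's own code. The README does not say which hash the project uses, so djb2 is assumed here; it is written as a `const fn` so the hashes can be computed at compile time instead of by a separate helper. The export table is a constructed stand-in for the names and RVAs the loader would read from a module's export directory, and the collision check is the test a helper should run before shipping a hash list.

```rust
// Added example (not ClementineLdr's code): hashed API resolution.
// Assumption: djb2 over the exported name's bytes; the project may use another hash.
const fn djb2(name: &[u8]) -> u32 {
    let mut h: u32 = 5381;
    let mut i = 0;
    while i < name.len() {
        h = h.wrapping_mul(33).wrapping_add(name[i] as u32);
        i += 1;
    }
    h
}

// Hashes computed at compile time: the loader binary never contains the plain names.
const H_NTALLOCATEVIRTUALMEMORY: u32 = djb2(b"NtAllocateVirtualMemory");
const H_NTPROTECTVIRTUALMEMORY: u32 = djb2(b"NtProtectVirtualMemory");

/// Runtime side: hash every exported name and return the RVA whose hash matches.
/// `exports` stands in for (name, function RVA) pairs read from IMAGE_EXPORT_DIRECTORY
/// of the module the injector loaded; the loader adds the RVA to that module's base.
fn resolve_by_hash(exports: &[(&str, u32)], wanted: u32) -> Option<u32> {
    exports
        .iter()
        .find(|(name, _)| djb2(name.as_bytes()) == wanted)
        .map(|(_, rva)| *rva)
}

/// Helper-side check: two names the loader resolves must never share a hash,
/// otherwise resolve_by_hash may return whichever export the module lists first.
fn first_collision<'a>(names: &[&'a str]) -> Option<(&'a str, &'a str)> {
    for (i, a) in names.iter().enumerate() {
        for b in &names[i + 1..] {
            if djb2(a.as_bytes()) == djb2(b.as_bytes()) {
                return Some((a, b));
            }
        }
    }
    None
}

/// Constructed export table (not a real ntdll listing) with arbitrary RVAs.
fn sample_exports() -> Vec<(&'static str, u32)> {
    vec![
        ("NtClose", 0x1000),
        ("NtProtectVirtualMemory", 0x2340),
        ("NtAllocateVirtualMemory", 0x3120),
        ("RtlAddFunctionTable", 0x4a00),
    ]
}

fn main() {
    let exports = sample_exports();
    let names: Vec<&str> = exports.iter().map(|(n, _)| *n).collect();
    if let Some((a, b)) = first_collision(&names) {
        println!("hash collision between {} and {}", a, b);
    }
    println!("NtAllocateVirtualMemory -> {:?}", resolve_by_hash(&exports, H_NTALLOCATEVIRTUALMEMORY));
    println!("NtProtectVirtualMemory  -> {:?}", resolve_by_hash(&exports, H_NTPROTECTVIRTUALMEMORY));
}
```

Because the injector hands the loader a module address obtained through a normal, file-backed LoadLibrary call, the loader only needs the export directory of that module; no PEB or loader-list traversal is involved, which is what the first feature bullet refers to.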

In Progress
  • Sleep mask

  • Inject PE in chunks and clean up after allocation

  • Hooks

  • x86 support

Usage

To be filled in when the project is done.

Credits

License: GNU General Public License v3.0