hasherezade / dll_to_exe Goto Github PK

It closes whenever I push any button, how do I get it to work properly?

Hello @hasherezade ,
I'm a new GitHub user with little to no C++ programming xp. i need to convert a native .dll file into a .exe. In the file finder, there are numerous files (i.e pe_handler.cpp, main.cpp, CMakeLists.txt e.t.c) with varying codes. What does each file do?
If you're free can you walk me through the process on how to convert my native .dll file to .exe like you'd a 13 yr old kid? Thanks

I try to convert notpetya sample to exe, but it must pass the 1 args. so it did'nt run :(
when it still dll, i usually run it like this
rundll32 perfc.dat,#1

any solution ?

Hello,

I was using dll_to_exe on a 64 bit dll
After I convert it to exe and debugged with IDA & Windbg
It gave me the ACCESS_VIOLATION error (Exception code C0000005)

After some tracing I found the bug happens to be in the back_stub for the 64 bit dll:

    BYTE back_stub64[] = {
        0x65, 0x48, 0x8B, 0x0C, 0x25, 0x60, 0x00, 0x00, 0x00, // mov rcx,qword ptr gs:[0x60]
        0x48, 0x8B, 0x4E, 0x10, // mov rcx,qword ptr ds:[rsi+10]  <-- ACCESS_VIOLATION error
        0x48, 0x8B, 0xF9, // mov rdi, rcx
        0xBA, 0x01, 0x00, 0x00, 0x00, // mov edx, 1
        0x48, 0x8B, 0xDA, // mov rbx, rdx
        0x4C, 0x8B, 0xC0, // mov r8, rax
        0xE9, 0xDE, 0xAD, 0xF0, 0x0D, //jmp [ep]
        0xC3 //ret
    };

The second instruction is mov rcx,qword ptr ds:[rsi+10], while rsi is NULL, causing the error.
According to your blog, I believe it should be [rcx + 10h] instead of [rsi + 10h] ?

Also if we're calling DllMain(handle, 1, 0), I think the back_stub should be something like:

    BYTE back_stub64[] = {
        0x65, 0x48, 0x8B, 0x0C, 0x25, 0x60, 0x00, 0x00, 0x00, // mov rcx,qword ptr gs:[0x60]
        0x48, 0x8B, 0x49, 0x10, // mov rcx,qword ptr ds:[rcx+10], 1st arg = handle
        0xBA, 0x01, 0x00, 0x00, 0x00, // mov edx, 1, 2nd arg = 1
        0x4D, 0x31, 0xC0, // xor r8, r8, 3rd arg = 0 ( at this point rax != 0, which will make r8 non-zero if we use mov r8, rax)
        0xE8, 0xDE, 0xAD, 0xF0, 0x0D, // call [ep] instead of jmp [ep]
        0xC3 //ret
    };

Not sure if we have to set rdi and rbx while calling DllMain in 64 bit dll ( I'm not familiar with Windows , please correct me if I misunderstood anything ).