Hello,
I have a problem with my custom PE Loader it's like a fucking lottery some binaries are working and others not. By working i mean they are successfully executed in memory and do its job.
So in short my loader performs these actions:
Is there anything i forgot to cover in my loader? I was wondering if i need to allocate TLS Slots or sth.
Generally loader works but for some binaries like Xmrig.exe it doesnt (ACCESS VIOLATION) i will try to debug more in the future but maybe someone experienced can see my mistakes from high level overview.
Thanks
I have a problem with my custom PE Loader it's like a fucking lottery some binaries are working and others not. By working i mean they are successfully executed in memory and do its job.
So in short my loader performs these actions:
- Parse PE file
- Allocate RW with aligned size of image
- Temporary copy headers to allocated memory
- Copy sections to allocated memory
- Calculate delta and perform relocations
- Resolve Import Address Table (IAT)
- Set appropriate protection flags for each section by their Characteristics
- Execute TLS callbacks
- Clear headers
- If DLL build exports and call DllMain
- If EXE just call entry point
Is there anything i forgot to cover in my loader? I was wondering if i need to allocate TLS Slots or sth.
Generally loader works but for some binaries like Xmrig.exe it doesnt (ACCESS VIOLATION) i will try to debug more in the future but maybe someone experienced can see my mistakes from high level overview.
Thanks