comrade's bureau



PE Tools


On this page, you will find a collection of various tools I made over the years to deal with portable executables and Windows processes.

Download

petools.rar (22 KB)
The tools are released under the BSD license.
Source code is included. To recompile the files, you will need FASM (at least v1.67.26) and the additional include files from this page.

Inject Tool

Inject is a tool that injects a DLL into a running process. Its command-line usage is as follows:

  1. Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll
  2. Inject C:\hook.dll into process notepad.exe (if multiple instances of notepad.exe are running, which one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll
  3. Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll
  4. Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll
  5. Inject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll
Note that in all uses, you should specify the full path to the injected DLL.

Loader Tool

Loader is a tool that injects a DLL before launching a process. Its command-line usage is as follows:

  1. Load notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll
Note that you should specify the full path to the injected DLL.

Patch Tool

Patch is a tool that adds a new section to the executable. The new section becomes the new entrypoint and contains code that loads a particular DLL and then jumps back to the original entrypoint. This can be used to create static patches that behave similarly to the Loader tool.
The tool's command-line usage is as follows:

  1. Patch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll
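
A triage check for the layout described above, as an added example that is not part of the tools' source: it parses the PE headers and reports which section holds the entry point and whether that section is the last one in the section table. It assumes the added section is appended at the end of the table; the sample headers and the `.new` section name are constructed for the example.

```python
import struct

def entry_section(pe: bytes):
    """Return (name, is_last) for the section that contains the entry point."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size                                # section table start
    for i in range(num_sections):
        off = table + 40 * i                              # 40-byte section headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize = struct.unpack_from("<III", pe, off + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            # Entry point in the final section of a multi-section image is
            # the layout left by appending a new entry-point section.
            return name, num_sections > 1 and i == num_sections - 1
    return None, False

def build_headers(entry_rva, sections):
    """Constructed sample input: minimal PE32 headers, no section data."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    opt = bytearray(224)                                  # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, va, vs, 0, 0, 0, 0, 0, 0x60000020)
        for n, va, vs in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

# Constructed samples; the ".new" section name is a placeholder.
BASE = [(b".text", 0x1000, 0x800), (b".data", 0x2000, 0x200)]
ORIGINAL = build_headers(0x1000, BASE)
PATCHED = build_headers(0x3000, BASE + [(b".new", 0x3000, 0x100)])

if __name__ == "__main__":
    for label, image in (("original", ORIGINAL), ("patched", PATCHED)):
        print(label, entry_section(image))
```

Packers and protectors also place the entry point in a final section, so a hit is a reason to inspect the file further, not proof that this tool was used.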

Reimport Tool

Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will copy game.exe to newgame.exe, with the 3 API functions listed rerouted to nocd.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll.
