
MemoryModule 0.0.3 released

Much time has passed since the last version, so I’m pleased to announce the release of MemoryModule 0.0.3.

MemoryModule is a library that can be used to load a DLL completely from memory – without storing it on the disk first.

Changes since 0.0.2:

  • fixed compilation issues with gcc
  • added mingw makefile
  • added support for 64bit DLLs
  • fixed compilation issue when using Vista SDK?
  • fixed wrong checking of result from LoadLibrary for errors (issue #2)
  • minor code cleanup

You can download the source from GitHub; please report any issues in the tracker. As usual, any feedback, suggestions or patches are very welcome!

Monday, April 9th, 2012 Development

5 Comments to MemoryModule 0.0.3 released

  • NtDebug says:

    Sometimes I used MemoryLoadLibrary to load some DLL that has msvcr80.dll, and then it just returns False.

  • GuoChunjian says:

    I study memoryModule.h and memoryModule.cpp, debug samples, very good.

  • GuoChunjian says:

    I think if we study how gcc links static libraries and the upx encode method, it will be better.

  • acuna says:

    Hello Joachim Bauch,

    I use your MemoryModule and love it. :)
    First of all, thanks for the great code.

    Recently I got your new 0.0.3 version.
    It works perfectly with plain (unpacked) AMD-64 DLLs.

    But when I pack the AMD-64 DLL with MPRESS,
    MemoryModule crashes.
    (perhaps while calling DllEntry)

    I could not fix it.

    Could you test it please?
    Thank you

  • […] In the past few years, malware (and some pen-test tools like Metasploit’s meterpreter payload) have begun to use reflective DLL injection (PDF) to load a DLL into the memory of a process. The benefit is that the file is never written to disk and is difficult to detect. Many examples I’ve seen are based on Joachim Bauch’s work. […]
