MemoryModule 0.0.3 released
Much time has passed since the last version, so I’m pleased to announce the release of MemoryModule 0.0.3.
MemoryModule is a library that can be used to load a DLL completely from memory – without storing it on disk first.
Changes since 0.0.2:
- fixed compilation issues with gcc
- added mingw makefile
- added support for 64bit DLLs
- fixed compilation issue when using Vista SDK?
- fixed wrong checking of result from LoadLibrary for errors (issue #2)
- minor code cleanup
You can download the source from GitHub; please report any issues in the tracker. As usual, any feedback, suggestions or patches are very welcome!
Sometimes, I used MemoryLoadLibrary to load some DLL that has msvcr80.dll, and then it just returns False.
I studied memoryModule.h and memoryModule.cpp and debugged the samples; very good.
I think if we study how gcc links static libraries and the UPX encoding method, it will be better.
Hello Joachim Bauch,
I use your MemoryModule and love it.
First of all, thanks for the great code.
Recently I got your new 0.0.3 version.
It works perfectly with plain (unpacked) AMD-64 DLLs.
But when I pack the AMD-64 DLL with MPRESS,
MemoryModule crashes.
(perhaps while calling DllEntry)
I could not fix it.
Could you test it please?
Thank you
[…] In the past few years, malware (and some pen-test tools like Metasploit’s meterpreter payload) have begun to use reflective DLL injection (PDF) to load a DLL into the memory of a process. The benefit is that the file is never written to disk and is difficult to detect. Many examples I’ve seen are based on Joachim Bauch’s work. […]