
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique

Primary language: C++




As shown in the image:
The command line of the Remote PE is exactly the same as this command line.
Run the Loader with the arguments of the Remote PE.
The URI of the remote server comes after that.
I invite you to solve passing that URI as an argument.
Unfortunately, the current version takes the URI in this form: https://domain.any/PathToPE
I will improve it to accept this type soon: [http/https]://IPv4:[port]/PathToPE


[http/https]://IPv4:[port]/PathToPE improved:
https:/[IPv4]:[port]/PathToPE also works
