Showing posts from April, 2020

Calling Arbitrary Functions In EXEs: Performing Calls to EXE Functions Like DLL Exports

Motivation

When reversing or fuzzing an executable, being able to run an arbitrary function with controlled data is extremely helpful. By iteratively playing with the function's parameters and examining the output, we can better understand the function's logic.

Background

A dll (Dynamic-Link Library) containing our target function would let us conveniently review and test the function as we wish. The only problem is that the function we want to examine usually resides in an exe, not a dll. Converting¹ an exe to a dll is a solvable challenge. After all, both an exe and a dll share the same PE (Portable Executable) file format. So let's explore: how can we convert¹ an exe to a dll?
Spoiler: there are a few more steps than just changing the extension 😉
¹ "convert to DLL" = fundamentally behave like a DLL.

I'll use this exe created from the following code and target the decode_string function for demonstration purposes throughout this post.

Challenges Th…