From Collaborative RCE Tool Library

Jump to: navigation, search

Comrade's PE Tools

Tool name: Comrade's PE Tools
Rating: 0.0 (0 votes)
Author: Comrade                        
Current version:
Last updated: July 31, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: * Inject Tool

Inject is a tool that injects a DLL into a running process. Its command-line usage is as follows:

1. Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll
2. Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll
3. Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll
4. Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll
5. Inject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll

Note that in all uses, you should specify the full path to the injected DLL.

* Loader Tool

Loader is a tool that injects a DLL before launching a process. Its command-line usage is as follows:

1. Load notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll

Note that you should specify the full path to the injected DLL.

* Patch Tool

Patch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool.
The tool's command-line usage is as follows:

1. Patch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll

* Reimport Tool

Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll.
Related URLs: No related URLs have been submitted for this tool yet

RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Category Navigation Tree
   Needs New Category  (3)