
I'm here to ask if anyone here can help me. I have been doing the following:

  1. Copy bytes from file
  2. Encrypt and convert bytes to string by using base64
  3. Write the string to a program with a binary writer
  4. The program will pick up on the string and store it in a variable
  5. The program will now convert it back to a byte array and decrypt it
  6. Now I tried to get the program to run the bytes with `Assembly.Load` (where it goes wrong)

```
System.BadImageFormatException: Could not load file or assembly
```

If you need any other details please ask.

NOTE: I want to be able to do this with any program (so any architecture, native or not), I don't want to write the bytes to a file and run the new file, I want everything to be done within memory and not on the storage device after execution.

Thanks to everyone in advance.

Example of running the byte array:

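```csharp
using System.Reflection;

// Assembly.Load(byte[]) expects a managed (.NET) image in the buffer.
Assembly exeAssembly = Assembly.Load(decryptedBuffer);

// One argument slot (null) is passed to the entry point.
object[] parameters = new object[1];
exeAssembly.EntryPoint.Invoke(null, parameters);
```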

[SOLUTION] I used RunPE to self inject the bytes into the stub. Works fine, thanks to everyone who helped!

Lewis
  • You have a bunch of requirements here, and because you want to load any file of any type, native or not, I suggest you start researching the difference between .NET and regular PE files, and look at the Win32 API call `CreateProcess`. There are many solutions on the net that can do this for .NET applications and also for PE files; I'd start there. When you have a problem, come back and see us – TheGeneral May 09 '20 at 00:24
  • I remember this error "BadImageFormatException" from experimenting with Roslyn assemblies where I compiled C# in runtime to an assembly in memory. You are initializing a binary decrypted file as an assembly. In either case **check references** of your assembly and make sure to add them, before you invoke the entry point. You will have to connect an array of type MetadataReference[] to your assembly to let it work, but I'm not sure if it is done the same way when you read a binary. – Goodies May 09 '20 at 01:10
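
As an added example (not part of the original question or comments), the check below illustrates the .NET-versus-regular-PE distinction raised in the first comment: `Assembly.Load(byte[])` only accepts an image that carries a CLR header, so a native executable, or a buffer that did not survive the encode/decrypt round trip intact, raises `BadImageFormatException`. The function names and the header-only sample images are constructed for illustration.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: the CLR (.NET) header
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}

def classify_image(buf: bytes) -> str:
    """Return 'managed:<arch>', 'native:<arch>' or 'not-pe:<reason>'."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return "not-pe:no MZ header"
    (pe_off,) = struct.unpack_from("<I", buf, 0x3C)          # e_lfanew
    if pe_off + 26 > len(buf) or buf[pe_off:pe_off + 4] != b"PE\0\0":
        return "not-pe:no PE signature"
    (machine,) = struct.unpack_from("<H", buf, pe_off + 4)   # COFF Machine
    arch = MACHINES.get(machine, hex(machine))
    opt = pe_off + 24                                        # optional header
    (magic,) = struct.unpack_from("<H", buf, opt)
    if magic not in (0x10B, 0x20B):                          # PE32 / PE32+
        return "not-pe:bad optional header magic"
    dirs = opt + (96 if magic == 0x10B else 112)             # data directories
    if dirs > len(buf):
        return "not-pe:truncated optional header"
    (count,) = struct.unpack_from("<I", buf, dirs - 4)       # NumberOfRvaAndSizes
    entry = dirs + CLR_DIR_INDEX * 8
    if count <= CLR_DIR_INDEX or entry + 8 > len(buf):
        return f"native:{arch}"
    rva, size = struct.unpack_from("<II", buf, entry)
    return f"{'managed' if rva and size else 'native'}:{arch}"

def build_sample(machine: int, magic: int, clr_rva: int) -> bytes:
    """Constructed, header-only test image (not a runnable executable)."""
    opt_size = 96 if magic == 0x10B else 112
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size + 128, 0x22)
    opt = bytearray(opt_size + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, opt_size - 4, 16)            # 16 directories
    struct.pack_into("<II", opt, opt_size + CLR_DIR_INDEX * 8,
                     clr_rva, 72 if clr_rva else 0)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for name, img in [("managed x86", build_sample(0x014C, 0x10B, 0x2008)),
                      ("native x64", build_sample(0x8664, 0x20B, 0)),
                      ("garbage", bytes(64))]:
        print(name, "->", classify_image(img))
```

Comparing the result on the original file bytes with the result on the decoded, decrypted buffer shows whether the round trip or the image type is what the loader is rejecting.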
