![\"\"](\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/09\/overDLLoader.gif.gif\")
<\/a><\/figure>\n\n\n\nI am not 100% sure it is a correct PE file (in terms of all structures filled in properly), but it seems to run on windows 11 (with a caveat that it reports a critical error).<\/p>\n\n\n\n
If you are wondering what is the purpose of this exercise, I’d like to throw a few ideas:<\/p>\n\n\n\n
- \n
- linking to many OS-dependent libraries could be an interesting guardrail technique<\/li>\n\n\n\n
- it may break tools (it would seem it breaks python’s pefile module and it causes problems to decompilers)<\/li>\n\n\n\n
- it is a great learning exercise about a PE file format; after so many years of dealing with it I am still surprised how much I don’t know about it<\/li>\n<\/ul>\n\n\n\n
And here’s the import table as seen by Ida:<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/09\/overdlloaded.png\")
<\/a><\/figure>\n\n\n\nAn attempt to copy these function names to clipboard pretty much freezes the program.<\/p>\n","protected":false},"excerpt":{"rendered":"
Some time ago I came up with a silly idea: i’d like to build an executable that statically links to most of the c:\\windows\\system32 libraries. It’s a non-sensical programming exercise, but it’s also an interesting challenge. Forcing a static import … Continue reading