Windows

Having fun with PE files and GoLang

2 minute read Published:

Opening PE files with GoLang
New blog design, new post. Today I will show how GoLang interacts with PE files in a generic example. You could look further into the native module here or even check its source code here. I do recommend reading it, I am using some bits of code extracted directly from the module source. Here you go. package main import ( "fmt" "debug/pe" "os" "io" "encoding/binary" ) func check(e error) { if e !

Win32.Liora.B

5 minute read Published:

Windows version of Linux.Liora
So I decided to port my Linux.Liora (https://github.com/guitmz/go-liora) Go infector to Win32 and it worked great. Minor tweaks were needed in the code, you can run a diff between both and check it out. EDIT: Fixed the PE verification routine, it checks for a proper PE file now. Thanks hh86! Virus source: /* * Win32.Liora.B - This is a POC PE prepender written in Go by TMZ (2015). * * Win32.

Dynamic API Calls in .NET

2 minute read Published:

Using Reflection to call APIs dinamically
Today I’m going to share a way to call APIs without DLLImport. I’ve first saw this years ago at OpenSC.ws as far as I remember and got into the idea. The code was lost since then but I found a copy. Program.cs using System; using System.Reflection; namespace APICaller { class Program { ``` public static void Main(string[] args) { Console.Title = "Dynamic API Caller"; Console.WriteLine("Press any key to call your API!