Skip to content
/ pelauncher Public

Portable Executable launcher for Windows NT bypassing loader

License

MIT license
74 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dz333n/pelauncher

BranchesTags

Repository files navigation

Portable Executable Launcher for Windows NT CI

What is this?

This tool tricks the Windows NT low‑level Portable Executable (.exe) loader. It starts a valid executable and then replaces its in‑memory image with another PE of your choice, even if Windows refuses to load the target executable.

Download

Downloads appropriate platform artifact from latest workflow: CI

Screenshots

2025

2025 screenshot

2020

2020 screenshot

2019

2019 screenshot

How does this work?

  1. PE Launcher starts stub.exe (any valid executable; user configurable) in a suspended state.
  2. Windows NT creates the stub.exe process and loads its image into memory.
  3. PE Launcher reads target.exe from disk.
  4. It replaces the in‑memory image of stub.exe with sections/resources from target.exe.
  5. Although Windows NT validated and loaded stub.exe, the image in memory is now target.exe.
  6. PE Launcher resumes the process.
  7. Windows NT begins executing the app.

Why?

No particular reason - this was made for fun.

  • Start Windows CE applications (with WCECL) without modifying the executable.
  • Attempt to start the Windows kernel in user space (likely won't work; it tends to fail DLL resolution).
  • Windows 10 refuses to launch the Windows XP setup (winnt32.exe). PELauncher can trick the system and start this soft‑locked setup on modern Windows. However, it currently fails to resolve winnt32u.dll (investigation is needed)
  • Run native NT executables in Win32 user space. Fun fact: probably a Windows issue, but running the 32‑bit smss.exe (e.g., the Windows XP version) on Windows 11 can crash the system completely, even without administrator privileges.
  • May bypass some antivirus checks.

Limitations and issues

  1. Shitcode. This was shitcoded by me a few years ago, so be aware that there may be code issues and memory leaks.
  2. Compatibility: Works well on Windows 10. It also ran on XP (2025 update: the Windows XP build no longer works due to v141_xp toolset deprecation). The program does not work on Vista or 7, for some reason. (Actually, I'm not sure if the modern toolset targets Win 6.x)

Build

Open pelauncher.sln in Visual Studio 2022 and build with the latest MSVC toolset.

Visual Studio 2017 was used to create this project. (ported to VS2022 due to deprecations)

Credits

  • This question on Stackoverflow
  • ChatGPT - vibecoded x64 version without any extra effort, lol

About

Portable Executable launcher for Windows NT bypassing loader

Topics

windows winapi win32 pe portable-executable reactos windows-nt winldr peloader wcecl

Resources

Readme

License

MIT license
Activity

Stars

74 stars

Watchers

4 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages