Sweetdream is a fully recursive Portable Executable (PE) loader written in C. The concept emerged while practicing recursion through Codewars problems in preparation for an upcoming exam. This sparked a simple question:
Wouldn’t it be interesting if import resolution and relocation handling were implemented recursively?
And here we are.
> **Note**
> TL;DR: This is stupid, don't use it. 🙏 😭 💯
This project is a proof of concept and not production-ready. Currently, the loader stays resident in memory while the machine is unlocked, because it only activates once the machine is locked.
- It's Recursive!
- API Hashing
- DLL Unhooking
- AMSI & ETW Patch
- Anti-Debugging using smelly_vx's "Fever Dream" trick.
- Thread-Routine encryption while machine is unlocked
- Deletion of the PE headers of the loaded binary
Here I would just like to thank Nox and cyb3rjerry for dealing with my stupid questions and rambling while developing this pretty useless loader. :)
It ain't much but it's honest work. :P