[Tools] dotNetPELoader——A C# PE loader for x64 and x86 PE files.

First Post:

2026-02-06

Last Update:

2026-02-13

Word Count:

187

Read Time:

1 min

Introduction

Recently, when I was developing a fileless execution method for DuplexSpy RAT version 2, I could hardly find a C#-based x86 PE loader.
Most existing implementations I found were x64-only, such as the one developed by Casey Smith

Therefore, I decided to develop a C#-based x86 PE loader myself.

This console application allows you to load either x86 or x64 PE files into memory.
First, it reads the file bytes from the specified file path, then determines the architecture of both the loader and the target PE file.

An x64 PE cannot be loaded by an x86 loader, and vice versa.

View the GitHub repository here

Features

Load x86 PE in x86 process
Load x64 PE in x64 process
Handles relocation and import resolving
Fully written in C#

If you find this project useful, a ⭐ would be appreciated.

Usage

1
2
3

dotNetPELoader.exe --x64 x64_file.exe
dotNetPELoader.exe --x86 x86_file.exe
dotNetPELoader.exe --coffee

Demonstration

x64 - mimikatz

If you try to load an x86 PE while the loader is an x64 loader, an exception will be thrown:

1	`dotNetPELoader.exe --x64 mimikatz`

x86 - mimikatz

1	`dotNetPELoader.exe --x86 mimikatz`

THANKS FOR READING

≡