How to run a PE image without linking kernel32.dll and ntdll.dll

Question

I tried to write a peloader. I first load the executable image and all it\'s dependent dlls(include kernel32.dll and ntdll.dll) into memory, process all import address table, re

Answer 1

If you wish to use your own version of ntdll.dll (a.dll) in your code then you can read the dll using Readfile() and parse the PE structures to use in your code. for eg: you may parse the Export Name Table, Export ordinal table and Export address table to find pointers to the exported functions and use the same in your executable.