I have a DLL file that I want to analyse/debug. For this I use OllyDbg. But when I open the file with OllyDbg, the following message appears:
File 'C:\..........\Conficker.exe' is a Dynamic Link Library. Windows can't
execute DLLs directly. Launch LOADDL.EXE ?
(Note: as you can see, the DLL file mentioned above is a sample of Conficker.) In an analysis paper about Conficker they write:
After unpacking, we find that the UPX packed binary file is not the original code
but incorporates an additional layer of packing. We use IDA Pro to remove this
second layer of obfuscation and dump the original code from memory.
To do so, we first run the Conficker service, snapshot the core Conficker library
as a memory image, and from this code segment reconstruct a complete Windows
executable program. The program requires a PE-header template,
and we compute an entry point that allows the program to enter Conficker's code
segment.
(source : http://mtc.sri.com/Conficker/)
Honestly, although I want to learn all of this, I don't understand what they are trying to explain or how to reach that point. The only thing I understand is that they somehow turned the DLL into a "complete Windows executable program". So I searched the internet and found this:
We all have our own methods for debugging DLLs, and my personal choice is to modify
the DLL bit flag to turn it into an EXE to the eyes of the debugger
Among other PE editors, CFF Explorer from ntcore is a tool that allows to do that.
(source: http://blog.fortinet.com/post/the-art-of-unpacking-conficker-worm)
So I have downloaded CFF Explorer, but I don't know how to "modify the DLL bit flag to turn it into an EXE". Although I searched the internet, I couldn't find any information about it.
Can anyone help me?
Best regards,
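The "DLL bit flag" in the Fortinet quote is the IMAGE_FILE_DLL bit (0x2000) in the Characteristics field of the PE file header, which is what a PE editor such as CFF Explorer lets you untick in its File Header view. The script below is an added illustration, not code from the original post, the SRI paper or CFF Explorer: it parses the DOS header, follows e_lfanew to the PE signature, reads and clears that bit, and also shows where AddressOfEntryPoint lives in the optional header, since the paper mentions computing an entry point as the other half of the job. The sample image it builds is a constructed, headers-only byte string, not a real DLL, and the set_entry_point helper and its RVA value are assumptions for the demonstration.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000  # the "DLL bit" a PE editor exposes as a checkbox

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B


def _file_header_offset(data: bytes) -> int:
    """Locate IMAGE_FILE_HEADER: MZ header -> e_lfanew -> 'PE\\0\\0' signature."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    return e_lfanew + 4  # IMAGE_FILE_HEADER follows the 4-byte signature


def read_characteristics(data: bytes) -> int:
    # IMAGE_FILE_HEADER layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    off = _file_header_offset(data)
    return struct.unpack_from("<H", data, off + 18)[0]


def is_dll(data: bytes) -> bool:
    return bool(read_characteristics(data) & IMAGE_FILE_DLL)


def clear_dll_flag(data: bytes) -> bytes:
    """Return a copy of the image with IMAGE_FILE_DLL cleared.

    This is the whole 'DLL -> EXE in the eyes of the debugger' trick: nothing
    else in the file changes, the loader simply no longer treats it as a library.
    """
    buf = bytearray(data)
    off = _file_header_offset(buf)
    chars = struct.unpack_from("<H", buf, off + 18)[0]
    struct.pack_into("<H", buf, off + 18, chars & ~IMAGE_FILE_DLL & 0xFFFF)
    return bytes(buf)


def _entry_point_offset(data: bytes) -> int:
    # IMAGE_OPTIONAL_HEADER starts 20 bytes into IMAGE_FILE_HEADER;
    # AddressOfEntryPoint is at offset 16 of the optional header (PE32 and PE32+).
    return _file_header_offset(data) + 20 + 16


def read_entry_point(data: bytes) -> int:
    return struct.unpack_from("<I", data, _entry_point_offset(data))[0]


def set_entry_point(data: bytes, rva: int) -> bytes:
    """Hypothetical helper: point AddressOfEntryPoint at a chosen RVA."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, _entry_point_offset(buf), rva)
    return bytes(buf)


def build_sample_dll_header() -> bytes:
    """Constructed, headers-only image for demonstration (not a real DLL)."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)  # e_lfanew -> PE signature at 0x80
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x84,
                     IMAGE_FILE_MACHINE_I386,
                     1,          # NumberOfSections
                     0,          # TimeDateStamp
                     0, 0,       # PointerToSymbolTable, NumberOfSymbols
                     0xE0,       # SizeOfOptionalHeader (PE32)
                     IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DLL)
    struct.pack_into("<H", buf, 0x98, PE32_MAGIC)       # optional header Magic
    struct.pack_into("<I", buf, 0x98 + 16, 0x00001234)  # constructed AddressOfEntryPoint
    return bytes(buf)


if __name__ == "__main__":
    # Usage: python pe_dll_flag.py <input.dll> <output.exe>
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            image = f.read()
        print("Characteristics: 0x%04X, DLL bit set: %s" % (read_characteristics(image), is_dll(image)))
        with open(sys.argv[2], "wb") as f:
            f.write(clear_dll_flag(image))
    else:
        sample = build_sample_dll_header()
        print("sample is DLL:", is_dll(sample), "->", is_dll(clear_dll_flag(sample)))
```

Clearing the bit only changes how the loader classifies the file; the code at AddressOfEntryPoint is still the DLL's entry routine and expects DllMain's arguments, which is why the SRI paper talks about computing a new entry point into the code segment rather than running the image as-is.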