Code Project

run an executable located in a memory buffer

C / C++ / MFC
19 Posts 8 Posters

Beer26 wrote (#1):

Is there a way to run an executable located in a memory buffer, that isn't physically on the disk? This isn't real code, but it will give you an idea of what I am trying to do.

    CRunMyNativeCode foo;
    foo.run(LPVOID);

Mike Nordell wrote (#2, in reply to Beer26 #1):

Beer26 wrote: is there a way to run an executable located in a memory buffer, that isn't physically on the disk?

Maybe. But wouldn't it be easier just to write that buffer to a temp-file .exe and execute that one? What are you writing, a virus?

cmk wrote (#3, in reply to Beer26 #1):

Never tried it but, it should just be a matter of allocating a block of memory with execute access, casting the address to a function prototype, and calling it.

Look at GlobalAlloc() (from MS docs): "Memory allocated with this function is guaranteed to be aligned on an 8-byte boundary. All memory is created with execute access; no special function is required to execute dynamically generated code."

Or, VirtualAlloc( ..., DWORD flProtect ): flProtect = PAGE_EXECUTE_READWRITE; Enables execute, read, and write access to the committed region of pages.

Would probably start with trying to do a simple C function first so you don't need to worry about the 'this' pointer.

...cmk
Save the whales - collect the whole set

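How the allocation discussed in post #3 looks to a memory scanner, as an added example that is not part of the thread or any poster's code: it classifies regions by the State, Type and Protect values that VirtualQuery reports, flagging committed pages that are writable and executable, or executable with no backing file. The RG_ constants mirror winnt.h values; the struct, the function names and the region table are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Win32 memory constants (values from winnt.h) under local RG_ names,
   so the triage logic builds without <windows.h>. */
enum {
    RG_PAGE_READWRITE = 0x04, RG_PAGE_EXECUTE = 0x10, RG_PAGE_EXECUTE_READ = 0x20,
    RG_PAGE_EXECUTE_READWRITE = 0x40, RG_PAGE_EXECUTE_WRITECOPY = 0x80,
    RG_PAGE_GUARD = 0x100,
    RG_MEM_COMMIT = 0x1000, RG_MEM_RESERVE = 0x2000,
    RG_MEM_PRIVATE = 0x20000, RG_MEM_IMAGE = 0x1000000
};

/* The MEMORY_BASIC_INFORMATION fields the check needs (hypothetical struct). */
struct region { uint64_t base; uint32_t state, type, protect; };

enum verdict { V_OK, V_PRIVATE_EXEC, V_WRITABLE_EXEC };

/* Triage lead, not proof: JIT engines legitimately create such regions. */
enum verdict classify_region(const struct region *r)
{
    uint32_t access = r->protect & 0xFF;   /* strip PAGE_GUARD/NOCACHE modifiers */
    int wx = access == RG_PAGE_EXECUTE_READWRITE ||
             access == RG_PAGE_EXECUTE_WRITECOPY;
    int x  = wx || access == RG_PAGE_EXECUTE || access == RG_PAGE_EXECUTE_READ;

    if (r->state != RG_MEM_COMMIT || !x)
        return V_OK;                       /* free/reserved or not executable */
    if (wx)
        return V_WRITABLE_EXEC;            /* W^X violated: code can be rewritten in place */
    if (r->type == RG_MEM_PRIVATE)
        return V_PRIVATE_EXEC;             /* executable, but backed by no file on disk */
    return V_OK;                           /* image- or file-backed code */
}

size_t count_flagged(const struct region *r, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += classify_region(&r[i]) != V_OK;
    return hits;
}

/* Constructed sample data, not captured from a real process. */
static const struct region sample[] = {
    { 0x00400000, RG_MEM_COMMIT,  RG_MEM_IMAGE,   RG_PAGE_EXECUTE_READ },      /* module .text */
    { 0x00a10000, RG_MEM_COMMIT,  RG_MEM_PRIVATE, RG_PAGE_READWRITE },         /* heap */
    { 0x02330000, RG_MEM_COMMIT,  RG_MEM_PRIVATE, RG_PAGE_EXECUTE_READWRITE }, /* post #3 style */
    { 0x02340000, RG_MEM_COMMIT,  RG_MEM_PRIVATE, RG_PAGE_EXECUTE_READ | RG_PAGE_GUARD },
    { 0x02350000, RG_MEM_RESERVE, RG_MEM_PRIVATE, 0 },
};

int main(void)
{
    static const char *name[] = { "ok", "private-exec", "writable-exec" };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%#010llx  %s\n", (unsigned long long)sample[i].base,
               name[classify_region(&sample[i])]);
    return 0;
}
```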
John M Drescher wrote (#4, in reply to Mike Nordell #2):

Mike Nordell wrote: What are you writing, a virus?

It could be a software protection system where the executable is encrypted and then decrypted to memory using a key.

John

Beer26 wrote (#5, in reply to Mike Nordell #2):

I don't want to allow access to the .exe being written, not even for an instant. It is not for a virus. The fact that you have implied that I could be writing a virus, frankly is insulting, and suggesting it, if I may permit myself to say so, was stupid.

Beer26 wrote (#6, in reply to John M Drescher #4):

That's exactly right. Thanks for your superior insight and open-mindedness.

Mike Nordell wrote (#7, in reply to John M Drescher #4):

John M. Drescher wrote: It could be a software protection system ...

Then he's going about it the completely wrong way. He doesn't want to create a new process ("run an executable", which in Win32 implies a .exe file - and since he's already inside a running process it must be a new process he's requesting) - he wants it to run in the current process. Like calling a function within the same process, but an encrypted function. If the requirements are wrong, the end result can only be correct by pure luck.

Mike Nordell wrote (#8, in reply to Beer26 #5):

Beer26 wrote: I don't want to allow access to the .exe being written, not even for an instant.

That wasn't a requirement according to your question. You just said you had "executable located in a memory buffer". An executable in Win32 is a PE file.

"It is not for a virus."

Good to know.

"The fact that you have implied that I could be writing a virus, frankly is insulting, and suggesting it, if I may permit myself to say so, was stupid."

I can without problems accept people telling me I insult them. But me asking if you were writing a virus (even though I admit I missed the smiley at the end, which is why it was obviously impossible for you to know that I wasn't that serious) I think was quite legit considering how you worded your question. If you choose to think of me in terms of "stupid" that's your choice, and then it's my right to not tell you how you make sure e.g. IATs are patched and how you *really* get the libraries you need loaded, or just not give any pointer in the right direction. Have a nice day.

Beer26 wrote (#9, in reply to cmk #3):

I'm so sorry, I'm still missing a link here. I cannot use the HGLOBAL I get from the GlobalAlloc with CreateProcess. It will only accept a path on the disk. What would you suggest as an alternative to get the HGLOBAL into a process?

Beer26 wrote (#10, in reply to cmk #3):

OK, I missed that part about casting the pointer to a function. I'm not sure how that could possibly work though, but thanks again, I will try that.

Toni78 wrote (#11, in reply to Beer26 #5):

Beer26 wrote: if I may permit myself to say so, was stupid.

With 9 messages posted, I don't think you can permit yourself to insult other members. For that matter of fact even if you were the guru here, you still cannot call someone's suggestions stupid. Mike's question is very legitimate. I also thought that you were writing a virus. Writing exe packers or decrypters requires certain steps which you could have explained very briefly in your post. Like Mike, I choose not to help you.

// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed).-My latest fortune cookie

Beer26 wrote (#12, in reply to Toni78 #11):

"I also thought that you were writing a virus."

It is of my opinion that your comments are stupid too.

"You cannot insult people!!!!"

I wasn't insulting anyone, just stating my own opinion. The Germans did not win the 2nd war. I have the right.

Toni78 wrote (#13, in reply to Beer26 #12):

Beer26 wrote: It is of my opinion that your comments are stupid too.

Your opinions are very insignificant. Happy 5th birthday!

// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed).-My latest fortune cookie

Ryan Binns wrote (#14, in reply to Toni78 #13):

Toni78 wrote: Happy 5th birthday!

That's only making it worse. The best way to treat someone you think is insulting you is to just ignore it. People's opinions are not insignificant, no matter what they are.

Ryan

"Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"

Ryan Binns wrote (#15, in reply to Beer26 #10):

Beer26 wrote: I'm not sure how that could possibly work though

It should work, but you need to be really careful. Someone asked a very similar question about a week ago, and a few of us cautioned him on the dangers of executing code generated in memory. But if you know what you're doing, it should work no problems :)

Ryan

"Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"

Toni78 wrote (#16, in reply to Ryan Binns #14):

Ryan Binns wrote: That's only making it worse.

Sorry, you're right. :)

// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed).-My latest fortune cookie

Terry ONolley wrote (#17, in reply to Beer26 #1):

point CS:IP at your code

I'm going to live forever or die trying!

Ilushka wrote (#18, in reply to Terry ONolley #17):

rough :)

Sincerely yours, Ilya Kalujny.

Terry ONolley wrote (#19, in reply to Ilushka #18):

Well, he asked ;)

I'm going to live forever or die trying!
