run an executable located in a memory buffer
-
I don't want to allow access to the .exe being written, not even for an instant. It is not for a virus. The fact that you have implied that I could be writing a virus, frankly is insulting, and suggesting it, if I may permit myself to say so, was stupid.
Beer26 wrote: "I don't want to allow access to the .exe being written, not even for an instant."
That wasn't a requirement according to your question. You just told us you had an "executable located in a memory buffer". An executable in Win32 is a PE file.
"It is not for a virus."
Good to know.
"The fact that you have implied that I could be writing a virus, frankly is insulting, and suggesting it, if I may permit myself to say so, was stupid."
I can without problems accept people telling me I insult them. But me asking if you were writing a virus (even though I admit I missed the smiley at the end, why it was obviously impossible for you to know that I wasn't that serious) I think was quite legit considering how you worded your question. If you choose to think of me in terms of "stupid" that's your choice, and then it's my right to not tell you how you make sure e.g. IAT's are patched and how you *really* get the libraries you need loaded, or just not give any pointer in the right direction. Have a nice day.
-
Never tried it but, it should just be a matter of allocating a block of memory with execute access, casting the address to a function prototype, and calling it.
Look at GlobalAlloc() (from MS docs) : "Memory allocated with this function is guaranteed to be aligned on an 8-byte boundary. All memory is created with execute access; no special function is required to execute dynamically generated code."
Or, VirtualAlloc( ..., DWORD flProtect ) : flProtect = PAGE_EXECUTE_READWRITE; Enables execute, read, and write access to the committed region of pages.
Would probably start with trying to do a simple C function first so you don't need to worry about the 'this' pointer.
...cmk
Save the whales - collect the whole set
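Added example, not part of the original thread: committed private memory with PAGE_EXECUTE_READWRITE, as in the VirtualAlloc call described above, is what memory scanners look for. This Python sketch triages region records shaped like VirtualQuery results; the Region record, the function names and the sample regions are constructed for illustration, while the constants are the documented Win32 values.

```python
# Added example: triage memory-region records for executable private memory.
# Constants are documented Win32 values; Region and the samples are constructed.
from dataclasses import dataclass

MEM_COMMIT, MEM_PRIVATE, MEM_IMAGE = 0x1000, 0x20000, 0x1000000
PAGE_READWRITE = 0x04
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
PAGE_MODIFIERS = 0x700  # PAGE_GUARD | PAGE_NOCACHE | PAGE_WRITECOMBINE

EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ,
              PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
WRITABLE_EXEC = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

@dataclass
class Region:            # hypothetical record, one per VirtualQuery result
    base: int
    state: int
    protect: int
    kind: int            # MEM_PRIVATE, MEM_IMAGE, ...
    head: bytes          # first bytes of the region as read by the scanner

def triage(region):
    """Return findings for one region; an empty list means nothing notable."""
    prot = region.protect & ~PAGE_MODIFIERS
    if region.state != MEM_COMMIT or prot not in EXECUTABLE:
        return []
    findings = []
    if region.kind == MEM_PRIVATE:
        findings.append("executable-private")       # no file on disk backs it
    if prot in WRITABLE_EXEC:
        findings.append("writable-and-executable")  # W^X not enforced
    if region.kind != MEM_IMAGE and region.head[:2] == b"MZ":
        findings.append("pe-header-outside-image")  # PE not mapped by the loader
    return findings

def scan(regions):
    """Map base address (hex) to findings, skipping clean regions."""
    return {hex(r.base): f for r in regions if (f := triage(r))}

SAMPLE = [  # constructed regions
    Region(0x7FF600001000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE, b"\x48\x83\xec\x28"),
    Region(0x001A0000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE, b"MZ\x90\x00"),
    Region(0x002B0000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, b"MZ\x90\x00"),
    Region(0x003C0000, MEM_COMMIT, PAGE_EXECUTE_READ | 0x100, MEM_PRIVATE, b"\x55\x8b\xec"),
]

if __name__ == "__main__":
    for base, findings in scan(SAMPLE).items():
        print(base, ", ".join(findings))
```

Findings are leads rather than verdicts: JIT runtimes legitimately create executable private memory, so a scanner would weigh them against the owning process.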
-
Beer26 wrote: "if I may permit myself to say so, was stupid."
With 9 messages posted, I don't think you can permit yourself to insult other members. For that matter of fact even if you were the guru here, you still cannot call someone's suggestions stupid. Mike's question is very legitimate. I also thought that you were writing a virus. Writing exe packers or decrypters requires certain steps which you could have explained very briefly in your post. Like Mike, I choose not to help you.
// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed). -My latest fortune cookie
-
"I also thought that you were writing a virus." It is of my opinion that your comments are stupid too. "You cannot insult people!!!!" I wasn't insulting anyone, just stating my own opinion. The Germans did not win the 2nd war. I have the right.
Beer26 wrote: "It is of my opinion that your comments are stupid too."
Your opinions are very insignificant. Happy 5th birthday!
// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed). -My latest fortune cookie
-
Toni78 wrote: "Happy 5th birthday!"
That's only making it worse. The best way to treat someone you think is insulting you is to just ignore it. People's opinions are not insignificant, no matter what they are.
Ryan
"Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
-
OK, I missed that part about casting the pointer to a function. I'm not sure how that could possibly work though, but thanks again, I will try that.
Beer26 wrote: "I'm not sure how that could possibly work though"
It should work, but you need to be really careful. Someone asked a very similar question about a week ago, and a few of us cautioned him on the dangers of executing code generated in memory. But if you know what you're doing, it should work no problems :)
Ryan
"Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
-
Is there a way to run an executable located in a memory buffer, that isn't physically on the disk? This isn't real code, but it will give you an idea of what I am trying to do.
CRunMyNativeCode foo;
foo.run(LPVOID);
point CS:IP at your code
I'm going to live forever or die trying!
-
Well, he asked ;)
I'm going to live forever or die trying!