
How to run an EXE (Win32 any) starting from memory


I think you could run the program copied into a ramdisk as a normal binary file, but I'm afraid that it would be a bit harder to create a ramdisk on Windows than on *nix OSes (but not impossible).


--- Quote from: Laksen on June 27, 2010, 04:51:55 am ---As far as I can tell you won't get around having a stub executable somewhere, at least to create the process itself. You cannot create an empty process and load data into it yourself.

You can either load the code and data from the executable yourself by parsing the PE-COFF structure, and then have it execute in a thread in the same process space of the calling process, or the stub process. Probably about 1k lines of code.

Or you can just save it to a temporary file (GetTempFilename, TProcess, etc). 10 lines of code :)

Is there any reason you won't use a temporary file?

--- End quote ---

Probably he needs to hide some executable for some reason: maybe to prevent
someone else from copying it, maybe just to hide the real process from the user, or maybe
he needs to include another application but doesn't want to show it.

AFAIK, the most logical ways to solve your problem were already answered by Laksen:
the hard way (reading the executable structure) or the easy way (creating temporary
files). If you want the hard way, try looking at the UPX source (and good luck).

FYI, a ramdrive is just like any other drive; all files you copy into a ramdrive are still visible (and copyable) to the user.


--- Quote from: Eric.Developer on June 27, 2010, 06:36:55 am ---Do you know how to create a RAMDRIVE/RAMDISK dynamically via code, without third-party applications?

--- End quote ---
Like I said, it's easy to do, for example, on Linux, but on Windows you need a special driver, so it's hard to do it via your own code only. It would be easier if there was a 3rd-party command-line application (or a DLL library) which could be used by other programs, but I don't know if such an application exists. Like others said, the easiest and most reliable way to run the code is to store it in a temporary file and run it normally.

José Mejuto:

--- Quote from: Eric.Developer on June 27, 2010, 07:46:26 am ---We are always returning the same options, had also thought, I described the topic the way I want. Thanks to those who tried to help, please, let's wait for news

--- End quote ---


It could be done, of course, but it's far from easy: you must load the exe, process the relocations, create a process and inject the relocated code in that process. Then you must initialize the process and call the MAIN entry in the exe file.

After this, you need to solve some possible problems, like resources which expect to be available in the file (and there is no file), and other problems like that.

Of course these kinds of techniques are complex and can change from OS revision to revision. As far as I know the same strategy has been used from WinNT to Vista with very small differences, but 64 bits is quite surely a serious problem.

The best code to learn how to do it is the UPX source code. The difference is that it does not create a new process; instead it modifies its own process, loading the executable part in memory and keeping resources in the compressed file.
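
The points raised above (relocations, resources expected in the file, 32-bit versus 64-bit) correspond to fields in the PE header that can be read statically, for instance when triaging a binary. The following is an added example, not code from any participant in this thread; `inspect_pe` and `build_sample` are hypothetical names, and the sample header is constructed inline (header only, no sections or code).

```python
import struct

# Data-directory indexes from the PE/COFF specification.
DIRS = {"import": 1, "resource": 2, "base_reloc": 5, "tls": 9}

def inspect_pe(data: bytes) -> dict:
    """Summarise the header fields relevant to the points raised in the thread."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                        # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                       # PE32
        is64, base_fmt, base_off, ndir_off = False, "<I", 28, 92
    elif magic == 0x20B:                                     # PE32+ (64-bit)
        is64, base_fmt, base_off, ndir_off = True, "<Q", 24, 108
    else:
        raise ValueError("unknown optional header magic")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (image_base,) = struct.unpack_from(base_fmt, data, opt + base_off)
    (ndirs,) = struct.unpack_from("<I", data, opt + ndir_off)
    dirs = {}
    for name, idx in DIRS.items():
        size = 0
        if idx < min(ndirs, 16):                             # directory entry exists
            _rva, size = struct.unpack_from("<II", data, opt + ndir_off + 4 + 8 * idx)
        dirs[name] = size > 0
    return {"machine": machine, "is_64bit": is64, "image_base": image_base,
            "entry_rva": entry_rva, "relocs_stripped": bool(chars & 0x0001),
            "directories": dirs}

def build_sample() -> bytes:
    """Constructed 32-bit header (no sections or code), for demonstration only."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 2, 0x3000, 0x200)  # resource directory
    struct.pack_into("<II", opt, 96 + 8 * 5, 0x4000, 0x100)  # base relocation directory
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(inspect_pe(build_sample()))
```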


