
Author Topic: How to run a EXE (Win32 any) starting from memory  (Read 28024 times)

Eric.Developer

How to run a EXE (Win32 any) starting from memory
« on: June 22, 2010, 01:09:20 am »
Hi All,

How to run a EXE (Win32 any) starting from memory ?
assuming an EXE was stored in the database or load disk, read and assign the variable, then starting to run (without saving to disk).
« Last Edit: June 22, 2010, 01:55:11 pm by Eric.Developer »
Eric Developer
{Delphi, Lazarus, PHP}, SQL, FastReport
Xailer, Fivewin, Hwgui, Harbour, Clipper, ADVPL
Freelance, Developments

LazaruX

Re: Run EXE (any) from memory
« Reply #1 on: June 22, 2010, 01:26:55 am »
What is the question? I didn't see any question marks in your sentence.
When you launch an EXE, the operating system mostly copies it to RAM and executes it from there.
Suppose you start an application from a floppy (example ;-) ) and then remove the floppy, the application still runs because it's in memory. If this EXE uses external files then the app may crash.
Again, please specify the question.

LazaruX

Re: Run EXE (any) from memory
« Reply #2 on: June 22, 2010, 11:06:48 am »
Sorry Eric, I don't understand your question, maybe it's me, I don't know.

If your question is:
"Can I run an EXE from memory" then the answer is yes

For the rest, I cannot help you, others should answer you, sorry.

Martin_fr

Re: How to run a EXE (Win32 any) starting from memory
« Reply #3 on: June 22, 2010, 11:26:31 am »
He wants to load binary code as data, and then execute it. He doesn't want to load the code from an *.exe file, but a different source

This is what he wants. (But I don't know how to do it)

Var MyCode : Array of byte;

SetLength(MyCode, xxx);
Mycode := LoadCodeFromDB;

asm
 jmp MyCode[0]
end;

Several problems:
- code versus data segment violation (if the architecture/OS supports non-executable protection of data)
- relocation (unless his code is completely written using relative addressing only)


« Last Edit: June 22, 2010, 11:28:38 am by Martin_fr »
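
The two problems listed in Reply #3 (no-execute protection of data, and relocation) are both recorded in the PE header, and reading them is a routine hardening check on a binary. The sketch below is an added example, not code from this thread or from any poster; `inspect_pe` and `build_sample` are hypothetical names, and the sample images are constructed header-only byte strings.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # COFF Characteristics: no relocation data
DLLCHAR_DYNAMIC_BASE = 0x0040        # image may be loaded at another base (ASLR)
DLLCHAR_NX_COMPAT = 0x0100           # image is compatible with DEP / NX
DIR_BASERELOC = 5                    # data-directory index of the relocation table
LAYOUTS = {0x10B: (28, "<I", 96), 0x20B: (24, "<Q", 112)}  # magic: base off, fmt, dirs off

def inspect_pe(data: bytes) -> dict:
    """Return the header fields that govern relocation and NX for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        raise ValueError("PE signature or COFF header missing")
    opt_size, characteristics = struct.unpack_from("<HH", data, e_lfanew + 20)
    opt = e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in LAYOUTS or opt_size < LAYOUTS[magic][2]:
        raise ValueError("unsupported optional header")
    base_off, base_fmt, dirs = LAYOUTS[magic]
    (image_base,) = struct.unpack_from(base_fmt, data, opt + base_off)
    (dll_char,) = struct.unpack_from("<H", data, opt + 70)
    (num_dirs,) = struct.unpack_from("<I", data, opt + dirs - 4)
    reloc_size = 0
    entry = dirs + 8 * DIR_BASERELOC
    if num_dirs > DIR_BASERELOC and opt_size >= entry + 8:
        _rva, reloc_size = struct.unpack_from("<II", data, opt + entry)
    return {
        "image_base": image_base,
        "relocatable": reloc_size > 0 and not (characteristics & IMAGE_FILE_RELOCS_STRIPPED),
        "aslr": bool(dll_char & DLLCHAR_DYNAMIC_BASE),
        "nx_compat": bool(dll_char & DLLCHAR_NX_COMPAT),
    }

def build_sample(characteristics: int, dll_char: int, reloc_size: int) -> bytes:
    # Constructed PE32 headers only (no sections, no code), used as demo input.
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)      # preferred ImageBase
    struct.pack_into("<H", opt, 70, dll_char)      # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, 0x3000, reloc_size)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), characteristics)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt)

LEGACY = inspect_pe(build_sample(0x0103, 0x0000, 0))      # fixed base, no NX opt-in
MODERN = inspect_pe(build_sample(0x0102, 0x0140, 0x200))  # relocatable, NX + ASLR
```

An image reported as not relocatable only works at its preferred `image_base`, which is the relocation problem described above; `nx_compat` shows whether the binary was built to run with non-executable data pages.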

Martin_fr

Re: How to run a EXE (Win32 any) starting from memory
« Reply #4 on: June 22, 2010, 01:13:18 pm »
No, you misunderstand me.

I do not know the answer. I was explaining your question, because BPsoftware said he did not understand it.


Best idea I can offer is to search (google) for the source (probably in C) of a tool like upx.

Because upx does load, decompress, and then execute => so it does what you need.

LazaruX

Re: How to run a EXE (Win32 any) starting from memory
« Reply #5 on: June 22, 2010, 01:40:19 pm »
I see, now, well a bit similar to Resources then maybe....

Laksen

Re: How to run a EXE (Win32 any) starting from memory
« Reply #6 on: June 22, 2010, 02:51:41 pm »
It's probably easiest to store it in a temporary file and then delete it when it's done executing with TProcess

JuhaManninen

Re: How to run a EXE (Win32 any) starting from memory
« Reply #7 on: June 26, 2010, 11:57:14 pm »
anyone, any tips (EXE starting memory)?
Those who understand C++ or assembly and can convert to Pascal, I can search by codes

You got some answers already. Like:
- You can't execute code from a data segment in a modern processor.
- You can use a compressor upx if the binary size is the problem.
- You can create a temporary executable file and run it.

What do you actually want to do? It sounds like you want some "normal" operation done in a tricky way.
Let me guess: You are making some kind of plugin system where code modules are loaded dynamically when needed. Those modules can be added and changed without recompiling your program.
Ok, dynamic libraries are meant to solve your problem! They are even multi-platform (.dll in Windows, .so in *nix systems). There are functions to load them dynamically on-demand from your program (LoadLibrary func). You can still store those binary libraries into a DB if you want, and then save them to disk only when needed.

I have not made dynamic libraries myself using FPC but it should be possible.

Juha
Mostly Lazarus trunk and FPC 3.2 on Manjaro Linux 64-bit.

Laksen

Re: How to run a EXE (Win32 any) starting from memory
« Reply #8 on: June 27, 2010, 04:51:55 am »
As far as I can tell you won't get around having a stub executable somewhere, at least to create the process itself. You cannot create an empty process and load data into it yourself.

You can either load the code and data from the executable yourself by parsing the PE-COFF structure, and then have it execute in a thread in the same process space of the calling process, or the stub process. Probably about 1k lines of code.

Or you can just save it to a temporary file (GetTempFilename, TProcess, etc). 10 lines of code :)

Is there any reason you won't use a temporary file?

JuhaManninen

Re: How to run a EXE (Win32 any) starting from memory
« Reply #9 on: June 27, 2010, 05:25:44 am »
As described in the topic, do not want to save to disk (temporary, etc.).
If someone has some information in context, please inform us here
I've seen on the Internet, DLLs starting memory (codes pascal), EXE starting the memory (codes C++), let's wait for a "positive" response

You still don't tell us why you can't use a temporary file. Let's guess some more:
... you are making a JIT compiler ... no, even a JIT compiler could save the executable to a file.
Executing data, Windows only ... the only remaining alternative is a virus or other malicious program. No wonder you didn't want to mention it!

This Lazarus / Pascal forum may not be the best place to ask such info. I don't know how to code viruses but I think it requires some advanced assembly programming.
A google search gave me a link to a Win API function related to the issue:
http://msdn.microsoft.com/en-us/library/aa366899.aspx

Good luck with your virus. I use Linux myself and I am not likely to be hit by it.

Juha
Mostly Lazarus trunk and FPC 3.2 on Manjaro Linux 64-bit.

OpenLieroXor

Re: How to run a EXE (Win32 any) starting from memory
« Reply #10 on: June 27, 2010, 06:23:39 am »
I think you could run the program copied into a ramdisk as a normal binary file, but I'm afraid that it would be a bit harder to create ramdisk on Windows than on *nix OSes (but not impossible).

irfanbagus

Re: How to run a EXE (Win32 any) starting from memory
« Reply #11 on: June 27, 2010, 06:57:54 am »
As far as I can tell you won't get around having a stub executable somewhere, at least to create the process itself. You cannot create an empty process and load data into it yourself.

You can either load the code and data from the executable yourself by parsing the PE-COFF structure, and then have it execute in a thread in the same process space of the calling process, or the stub process. Probably about 1k lines of code.

Or you can just save it to a temporary file (GetTempFilename, TProcess, etc). 10 lines of code :)

Is there any reason you won't use a temporary file?

Probably he needs to hide some executable for some reason. Maybe to prevent someone else from copying it, maybe just to hide the real process from the user, or maybe he needs to include another application but doesn't want to show it.

@eric
AFAIK, the most logical ways to solve your problem were already answered by Laksen: the hard way (reading the executable structure) or the easy way (creating temporary files). If you want the hard way, try to look at the upx source (and good luck).

FYI, a ramdrive is just like any other drive: all files you copy into the ramdrive are still visible (and copyable) to the user.

OpenLieroXor

Re: How to run a EXE (Win32 any) starting from memory
« Reply #12 on: June 27, 2010, 07:17:10 am »
You know how to create RAMDRIVE/RAMDISK dynamically via code, without third party applications?
Like I said, it's easy to do for example on Linux, but on Windows you need a special driver, so it's hard to do it via own code only. It would be easier if there was a 3rd party command-line application (or a DLL library), which could be used by other programs, but I don't know if such an application exists. Like others said, the easiest and most reliable way to run the code is to store it in a temporary file and run it normally.

José Mejuto

Re: How to run a EXE (Win32 any) starting from memory
« Reply #13 on: June 29, 2010, 06:52:44 am »
We are always returning the same options, had also thought, I described the topic the way I want. Thanks to those who tried to help, please, let's wait for news

Hello,

It could be done, of course, but it's far from easy: you must load the exe, process the relocations, create a process and inject the relocated code in that process. Then you must initialize the process and call the MAIN entry in the exe file.

After this, you need to solve some possible problems, like resources which are expected to be available in the file (and there is no file), and other problems like that.

Of course, these kinds of techniques are complex and can change from OS revision to revision. As far as I know the same strategy has been used from WinNT to Vista with very small differences, but 64 bits is quite surely a serious problem.

The best code to learn how to do it is the UPX source code. The difference is that it does not create a new process, instead it modifies its own process loading the executable part in memory and keeping resources in the compressed file.

