IchBistTod, posted July 14, 2009 (edited July 14, 2009 by IchBistTod):

Okay, I was reading that there is a way to do a dllcall completely in memory using its binary data. My question is, is there a way to execute an exe in memory?

Example:
1. read .exe
2. use binary() func on it
3. execute it from memory without needing to use filewrite() and run()

IchBistTod, posted July 19, 2009:

*bump*

dantay9, posted July 19, 2009:

I don't know anything about machine code or asm, but take a look at this link. It uses machine code.

DCCD, posted July 19, 2009:

I think it will not be easy with AutoIt, but with C# programming it's almost too easy! Google it: http://www.google.com.ly/search?hl=it&q=Load+an+EXE+File+and+Run+It+from+Memory&btnG=Cerca&lr=

IchBistTod, posted July 26, 2009 (edited July 26, 2009 by IchBistTod):

The base idea has already been completed in AutoIt. This is what I have so far:

    Func execute_exe_from_mem()
        ;ConsoleWrite(binary(FileRead(@ScriptDir&"\test.exe"))&@CRLF)
        Local $Exec = binary(FileRead(@ScriptDir&"\test.exe"))
        Local $ExecCode = DllStructCreate("byte[" & BinaryLen($Exec) & "]")
        DllStructSetData($ExecCode, 1, $Exec)
        ; Execute main stub
        DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($CRC32ExecCode))
    EndFunc

test.exe can be any file, however it just crashes. Basically I want to read from a .exe, then execute the whole file in memory without having to touch the hard disk. I don't know what I am doing wrong though.

monoceres, posted July 26, 2009:

You're completely off target here. Here's why: the exe is not just a long stream of code. It's very precisely structured in sections pointed to by the PE headers. Furthermore, the binary data needs to be reformatted, and resources and libraries need to be loaded depending on, for example, the index address table. I really do recommend that you read up on the Portable Executable format (PE) to understand what I'm talking about. It will make things much clearer. Here's a good starting point.

However, your goal can be achieved in other, smarter ways. See this post by jpam for example. More info available on the great Google.
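
Added example (not part of the original thread and not code from any poster): a minimal Python reader for the PE headers monoceres describes, showing that the file starts with header data rather than code and that the entry point is a relative virtual address that has to be mapped through the section table. The bytes returned by `build_sample()` are constructed, and all function names are hypothetical.

```python
import struct

def parse_pe_layout(data: bytes) -> dict:
    """Read the entry point, image base and section table from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x10B:    # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(nsec):  # 40-byte section headers follow the optional header
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize,
                         "raw_ptr": rptr, "raw_size": rsize})
    return {"entry_rva": entry_rva, "image_base": image_base, "sections": sections}

def rva_to_file_offset(layout: dict, rva: int):
    """Map an RVA to its offset in the file on disk, or None if unmapped."""
    for s in layout["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + s["raw_size"]:
            return s["raw_ptr"] + (rva - s["vaddr"])
    return None

def build_sample() -> bytes:
    """Constructed header-only PE32 image: one .text section, no real code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    sec = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x400) + b"\0" * 16
    return dos + b"PE\0\0" + coff + bytes(opt) + sec

if __name__ == "__main__":
    layout = parse_pe_layout(build_sample())
    print(layout, hex(rva_to_file_offset(layout, layout["entry_rva"])))
```

In the constructed sample the entry point lives at file offset 0x400 but is expected at ImageBase + 0x1000 once the image is mapped, so a call into the start of the raw file buffer lands on header bytes, not on the program's code.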

IchBistTod, posted July 27, 2009:

Okay, I understand now, but surely there must be a simple way to pass the whole binary data to the system for it to process without writing it to the hard disk. I mean, that would only make sense. Just need to know how to do it.

MDCT, posted July 27, 2009:

> Okay, I understand now, but surely there must be a simple way to pass the whole binary data to the system for it to process without writing it to the hard disk. I mean, that would only make sense. Just need to know how to do it.

You could use RAM disk software to make any files be loaded into the RAM. It would be much faster than using the HD, but it needs extra software. I too would like to know how to do that in pure AutoIt.

monoceres, posted July 27, 2009:

> Okay, I understand now, but surely there must be a simple way to pass the whole binary data to the system for it to process without writing it to the hard disk. I mean, that would only make sense. Just need to know how to do it.

No, there isn't. What we're talking about here is a PE loader, one of the most complex things you can ever write on Windows.

IchBistTod, posted July 27, 2009:

Well, someone else (forget who) wrote an app to make programs execute from memory, and if it was super difficult I don't think he would have done it alone and released it here, so I am thinking there may be another way. IDK, I'm just thinking, cuz that woulda been a lot of work for one person. I think it's called like emfc or efmc or something like that; stands for something but I can't remember what.

monoceres, posted July 27, 2009:

> Well, someone else (forget who) wrote an app to make programs execute from memory, and if it was super difficult I don't think he would have done it alone and released it here, so I am thinking there may be another way. IDK, I'm just thinking, cuz that woulda been a lot of work for one person. I think it's called like emfc or efmc or something like that; stands for something but I can't remember what.

Seriously? Do you even read my posts? I'm growing very weary of answering your stupid questions when you don't even pretend to have read what I'm writing. I have already posted a link to the program you're talking about.

IchBistTod, posted July 29, 2009:

I read your post and that's where I found it, but that does not mean I don't have short-term memory loss. I had forgotten already. Anyways, so you mean to tell me he made a full PE loader? Is there maybe some way to create a process, suspend the process, inject the exe code, and resume the process, or would a PE loader still need to be created before doing this?

monoceres, posted July 29, 2009:

No, he did not. He used the internal Windows one. However, there's a big difference between that technique and "passing the whole binary data to the system for it to process". I don't understand why you're still posting in this thread with nothing new. I have linked you to a program that does just this, and even though the source isn't available, trancexx described the process in post #3. And since I have researched this myself quite extensively, I know there is lots of information and source code available out there, just one little Google search away.