views: 493

answers: 4

How can I run an executable from RAM using C++?

The executable is in RAM, and I know the address, how do I call into the program from mine?

+1  A: 

You mean communicating with another application that is running at the same time as yours? That depends on which operating system you are using. In any case, the Wikipedia article on Interprocess Communication shows some basic techniques.

Adrian Grigore
+1  A: 

The same way you would run it from disk. Your program doesn't know whether it's already loaded (i.e. in RAM) or on disk. This is abstracted away by the operating system.

grigy
+5  A: 

Do you mean that you have loaded the contents of the EXE file into RAM and now want to run that executable?

Since you're talking about an EXE, I assume you're running under Windows. To my knowledge, Windows can't do this -- your only option is to save the executable back to a file and run that (using CreateProcess, for example).

Edit Here is how you would run the process.

In C++:

#include <windows.h>

STARTUPINFO si;
PROCESS_INFORMATION pi;

ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));

// Start the EXE from disk; lpCommandLine is NULL, so the path is taken as-is
if(!CreateProcess(TEXT("myfilename.exe"), NULL, NULL, NULL, FALSE, 0, NULL,
    NULL, &si, &pi ))
{
    // An error occurred; GetLastError() gives the reason
}
else
{
    // Release the process and thread handles once they are no longer needed
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
}

In C#:

using System;
using System.Diagnostics;

Process.Start("myfilename.exe");
Martin B
Yes, you're right! How can I use CreateProcess? Thank you!
Armen Khachatryan
Please note, the problem is that I do not have that exe on the hard drive.
Armen Khachatryan
Are you the author of that other process? If so, it would be much better to communicate with it so that it writes the resources back to hard disk. Or use the same original resource from hard disk in the first place.
Adrian Grigore
No, dear Adrian, I am not the author of the other process. How can I do it in this way?
Armen Khachatryan
In that case, what you are trying to do is probably illegal...
Adrian Grigore
Thank you Martin. I see you write "myfilename.exe"; I do not want this, I want to inject that exe into my program and then call it. Is this possible?
Armen Khachatryan
"Inject it into your program" -- what do you mean by that? "myfilename.exe" is just an example -- choose any filename you like, then write your EXE from memory to that file. If you're using C++, you could use ostream::write or fwrite to write the file. After you've written the file out, use CreateProcess to execute it.
Martin B
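The write-then-CreateProcess route from the answer above, as an added example that is not the poster's code: the image buffer is first checked for the two PE signatures (the DOS "MZ" stub and the "PE\0\0" signature at e_lfanew) so a corrupt or truncated buffer is never written and launched, then written with ostream::write, then started with CreateProcessA and waited on, closing both handles afterwards (the original snippet leaves them open). The output path "dumped.exe" and the constructed header buffer are assumptions for illustration; the launch step is Windows-only and compiles to a stub elsewhere.

```cpp
#include <cstdint>
#include <cstring>
#include <fstream>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Sanity check: "MZ" at offset 0 and "PE\0\0" at IMAGE_DOS_HEADER::e_lfanew (offset 0x3C).
// This only validates the two signatures, not the full image layout.
bool looks_like_pe(const std::vector<unsigned char>& img) {
    if (img.size() < 0x40) return false;
    if (img[0] != 'M' || img[1] != 'Z') return false;
    std::uint32_t e_lfanew = 0;
    std::memcpy(&e_lfanew, &img[0x3C], sizeof(e_lfanew));   // little-endian, as stored on disk
    if (static_cast<std::uint64_t>(e_lfanew) + 4 > img.size()) return false;  // avoid 32-bit wraparound
    return std::memcmp(&img[e_lfanew], "PE\0\0", 4) == 0;
}

// Write the in-memory image to `path` with ostream::write, as the answer suggests.
bool write_image(const std::string& path, const std::vector<unsigned char>& img) {
    std::ofstream out(path, std::ios::binary);
    if (!out) return false;
    out.write(reinterpret_cast<const char*>(img.data()), static_cast<std::streamsize>(img.size()));
    return static_cast<bool>(out);
}

// Launch the written file, wait for it to exit and return its exit code (-1 on failure).
// Windows-only: on other platforms this is a stub so the helpers above remain portable.
int run_and_wait(const std::string& path) {
#ifdef _WIN32
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));
    if (!CreateProcessA(path.c_str(), NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return -1;                                    // GetLastError() holds the reason
    WaitForSingleObject(pi.hProcess, INFINITE);
    DWORD code = 0;
    GetExitCodeProcess(pi.hProcess, &code);
    CloseHandle(pi.hThread);                          // both handles must be released
    CloseHandle(pi.hProcess);
    return static_cast<int>(code);
#else
    (void)path;
    return -1;
#endif
}

// Constructed sample: a buffer carrying only the two signatures, not a runnable program.
std::vector<unsigned char> make_fake_header() {
    std::vector<unsigned char> img(0x80, 0);
    img[0] = 'M';
    img[1] = 'Z';
    std::uint32_t e_lfanew = 0x40;
    std::memcpy(&img[0x3C], &e_lfanew, sizeof(e_lfanew));
    std::memcpy(&img[0x40], "PE\0\0", 4);
    return img;
}

int main() {
    std::vector<unsigned char> img = make_fake_header();
    if (!looks_like_pe(img)) return 1;                // refuse to write anything that is not a PE image
    if (!write_image("dumped.exe", img)) return 2;    // hypothetical output path
    run_and_wait("dumped.exe");                       // fails on the fake header: it is not a real image
    return 0;
}
```

Replace make_fake_header() with the real buffer and the check keeps the same shape; a process that cannot be started still returns -1 from run_and_wait, so the caller can distinguish "bad image" from "launch failed".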
+5  A: 

This sort of thing normally comes out of the dark corners of the world. ;-)

In combination with tools like metasploit it would be great to create a process just out of RAM, and so a couple of guys tried to reimplement all the stuff that happens down in CreateProcess(). After a while they found out that it is much too complex (see this PDF, page 12f) to get this to work, and they tried to find another solution, and here it is: they call a normal CreateProcess() with a common program (e.g. notepad.exe), but they start it with ThreadSuspended. Then they inject a new thread into this process, which is filled up from memory. Afterwards they tell this thread to run, and so they get a new process filled from memory.

So this is just the big picture, and it is a whole mess (and normally not the right way) to do this stuff. If you are really interested in this part, then you have an idea of what to search for.

And by the way, don't think you can do this in C#. This is normally done in C/C++ or even Assembler...

Oliver
BTW, could you specify what is so hard about the first approach?
jpalecek
@jpalecek: What do you mean by *first approach*? If you mean creating a process yourself, then I can only say that I remember an article where some smart guys just gave up. Maybe some keywords in my answer can help you to find it again. If you meant starting a process with ThreadSuspended, then go and find out how you inject a new thread into an existing process. Because this is also not quite easy (but easier than trying to create a process yourself).
Oliver
By the first approach, I meant creating the process myself. I googled a bit and found this: http://bytes.com/topic/python/answers/585637-execute-binary-code http://pentest.cryptocity.net/files/exploitation/winasm-1.0.1.pdf It seems the fork()-like part is hard. Not sure whether OP needs forking.
jpalecek
@jpalecek: Your second link is exactly the document I had in mind when I wrote my answer. I'm going to update it.
Oliver