Execute a win32 exe file from memory?

31 comments, last by Ahmadi 18 years, 1 month ago
Quote:Original post by LessBread
Not on a stream. The POBJECT_ATTRIBUTES parameter is a pointer to a data structure. A process is not equal to an exe file. The exe file is the program. The process is a static container that maintains the resources necessary for a thread to execute. Don't experiment with your photoshop.exe, stick to notepad.exe. If you screw anything up accidentally, you'll be glad it was notepad that died and not photoshop.

Honestly, from our conversation, it sounds to me that the endeavor exceeds your present abilities. Keep studying programming, learn as much as you can about the operating system, how it operates at a low level, learn as much as you can about x86 CPUs, learn some assembly language, maybe even learn how to write device drivers and such, and then you'll be ready to tackle a project like this one.

Here's a link to ReactOS. Download the source code and poke around through it. See if that's the kind of code that interests you.

I think it's better that you know my goal:
My clear description of the situation is:
I want to create a program lock. You can import one exe into it (for example the exe of notepad or photoshop or ...) and then my app must create a coded exe from it (your exe).
In future, only my program can run the coded exe, and it's not possible for the user to run the exe directly.

It's possible that my program decodes the exe on the hard disk and then runs it, but that does not have good security. I need to decode the program in memory and then run it from memory.

If I want to describe my goal in a few words I must say:
My program is a software lock that needs a password from the user for executing an application.
Software locks are not 100% secure. They'll keep out amateurs, but a determined individual with some knowledge and skills could break through them. You might consider adapting the UPX source code to fit your needs. The UPX authors decided against adding password protection [1], but that doesn't mean you can't give it a shot.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote:Original post by Ahmadi
Quote:Original post by LessBread
Not on a stream. The POBJECT_ATTRIBUTES parameter is a pointer to a data structure. A process is not equal to an exe file. The exe file is the program. The process is a static container that maintains the resources necessary for a thread to execute. Don't experiment with your photoshop.exe, stick to notepad.exe. If you screw anything up accidentally, you'll be glad it was notepad that died and not photoshop.

Honestly, from our conversation, it sounds to me that the endeavor exceeds your present abilities. Keep studying programming, learn as much as you can about the operating system, how it operates at a low level, learn as much as you can about x86 CPUs, learn some assembly language, maybe even learn how to write device drivers and such, and then you'll be ready to tackle a project like this one.

Here's a link to ReactOS. Download the source code and poke around through it. See if that's the kind of code that interests you.

I think it's better that you know my goal:
My clear description of the situation is:
I want to create a program lock. You can import one exe into it (for example the exe of notepad or photoshop or ...) and then my app must create a coded exe from it (your exe).
In future, only my program can run the coded exe, and it's not possible for the user to run the exe directly.

It's possible that my program decodes the exe on the hard disk and then runs it, but that does not have good security. I need to decode the program in memory and then run it from memory.

If I want to describe my goal in a few words I must say:
My program is a software lock that needs a password from the user for executing an application.
All the user needs to do is use a memory editor to grab your program from RAM. It's not going to be that involved.

If you don't need to spawn a new process, then it should be possible using the methods people have described. Load the EXE exactly how This Link shows for a DLL, then jump to the entry point. Look at the PE format to find out where the entry point is, and then just jump to it.

As LessBread said though, this is all very in-depth and low-level, and it seems like this is above your ability. I would imagine that UPX does it the same way as I described; I'll go and have a look at the source now.

[Edited by - LessBread on March 27, 2006 2:29:38 PM]
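The reply above says to read the PE format to find the entry point. The Python below is an added illustration, not code from this thread, from UPX or from the linked loader: it walks the DOS header, PE signature, COFF header, optional header and section table the way a loader or an analyst would, resolves AddressOfEntryPoint to its section, file offset and virtual address, and flags the layout (entry point in a writable section or outside every section) that packers and protectors typically produce. The sample image is constructed in `build_sample_pe32` (headers only, not a runnable program); all field offsets follow the PE/COFF specification.

```python
import struct

# Constants from the PE/COFF specification (winnt.h names)
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


class PEFormatError(ValueError):
    """Raised when the headers do not describe a well-formed PE image."""


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 32 or opt + opt_size > len(data):
        raise PEFormatError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    if magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]  # PE32: 4-byte ImageBase
    elif magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]  # PE32+: 8-byte ImageBase
    else:
        raise PEFormatError(f"unknown optional header magic 0x{magic:x}")
    sections = []
    table = opt + opt_size                                      # section table follows the optional header
    for i in range(nsections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise PEFormatError("section table truncated")
        name, vsize, va, rsize, rptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": rptr, "raw_size": rsize, "flags": flags})
    return {"machine": machine, "pe32plus": magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC,
            "image_base": image_base, "entry_rva": entry_rva, "sections": sections}


def rva_to_section(sections: list, rva: int):
    """Return the section whose virtual range contains rva, or None if it lies in no section."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def entry_point_report(data: bytes) -> dict:
    """Locate the entry point on disk and in memory and flag packer-like layouts."""
    pe = parse_pe(data)
    sec = rva_to_section(pe["sections"], pe["entry_rva"])
    report = {"entry_va": pe["image_base"] + pe["entry_rva"],
              "entry_section": sec["name"] if sec else None,
              "entry_file_offset": None, "suspicious": True}
    if sec is not None:
        report["entry_file_offset"] = pe["entry_rva"] - sec["va"] + sec["raw_ptr"]
        executable = bool(sec["flags"] & IMAGE_SCN_MEM_EXECUTE)
        writable = bool(sec["flags"] & IMAGE_SCN_MEM_WRITE)
        # A normal linker puts the entry point in a read-only code section. An entry point
        # in a writable section, or outside every section, is the usual packer/protector
        # layout and is worth a closer look.
        report["suspicious"] = (not executable) or writable
    return report


def build_sample_pe32(entry_rva: int = 0x1010) -> bytes:
    """Constructed headers-only PE32 image used to exercise the parser (not a real program)."""
    OPT_SIZE = 0xE0                                  # PE32 optional header incl. 16 data directories
    img = bytearray(0x800)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)          # e_lfanew -> PE signature at 0x40
    img[0x40:0x44] = b"PE\0\0"
    coff = 0x44
    struct.pack_into("<HHIIIHH", img, coff, 0x014C, 2, 0, 0, 0, OPT_SIZE, 0x0102)  # i386, 2 sections
    opt = coff + 20
    struct.pack_into("<H", img, opt, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<I", img, opt + 16, entry_rva)              # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x00400000)             # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)         # SectionAlignment, FileAlignment
    table = opt + OPT_SIZE
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    secs = [(b".text", 0x100, 0x1000, 0x200, 0x400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
            (b".data", 0x040, 0x2000, 0x200, 0x600, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)]
    for i, (name, vsize, va, rsize, rptr, flags) in enumerate(secs):
        struct.pack_into("<8sIIIIIIHHI", img, table + 40 * i, name, vsize, va, rsize, rptr, 0, 0, 0, 0, flags)
    return bytes(img)


if __name__ == "__main__":
    for rva in (0x1010, 0x2008, 0x5000):
        print(hex(rva), entry_point_report(build_sample_pe32(rva)))
```

With the default sample the entry point resolves to `.text`, file offset 0x410 and virtual address 0x401010; moving it into `.data` or past the last section trips the `suspicious` flag, which is the same check an analyst applies to a file that has been run through a packer or protector.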
Like someone said before, it's futile what you are doing per se. I have written something that sounds a lot like what you want; I used a temporary EXE, I didn't even hide it that well as a matter of fact. Instead of that, make the EXE dependent on the loader :). By that I mean, export functions from the loader as though it were actually a dll. For the executable, simply have it check that its calling process was the executable in order for it to run; that should thwart most hackers (provided you are encrypting the file while within the exe, etc).

Now there are other things you can do to ensure that it only gets run from the sandbox program. Though any of these ways, you are going to have to modify the host executable somewhat.
I think you should look at some EXE packer/cryptor sources, how they work and why.
They do not store the entire EXE along with a generic decoder EXE, but they patch the original EXE and add their decryptor/decompressor stuff.

If you want to write a password protector, you will have to learn the EXE file formats, otherwise it is going to take 2 minutes and a hex editor to rip the protected file.

br, Zolee
There are only two problems that would require this: a compressor/encryptor type application, and a trojan. And even UPX uses a temporary file for Linux compression (I believe some versions now allow in-memory decompression as well).

The example provided with image file (or any other resource for that matter) is completely different and does not apply here.

So, this wouldn't happen to be a trojan, would it?
This could also be used in a game patching system.
*News tagenigma.com is my new domain.
http://www.security.org.sg/code/loadexe.html
Quote:Original post by Anonymous Poster
http://www.security.org.sg/code/loadexe.html
Woah, that's a lot easier than I thought it was.
Don't any DLL references need to be resolved or anything? I thought that was done by the OS in CreateProcess()...
Quote:Original post by Anonymous Poster
http://www.security.org.sg/code/loadexe.html

It doesn't work correctly (for example, this program can load windows calculator):

"loadexe calc.exe"
has some error.
