Execute a win32 exe file from memory?

31 comments, last by Ahmadi 18 years ago
Hi. I want to execute an exe file from memory and not from disk, because I have the contents of the exe file in a stream in memory. If I write the contents to disk, other users can access it; I only want to run it from memory. Right now I have the exe file in a stream. I need some help with this. Some users' advice is that I make a hidden file on disk and then execute it, but that's childish. I need to execute it directly from RAM. If you don't understand what I need, please read the following text; it is another way of putting my request:

{**********}

I have one exe at the end of my exe. Consider that the first exe is A and the second is B (which is attached to the end of A). If I want to run A, there is no problem, and I can easily run A. But if I want to run B, I must extract it from A to the hard disk and then run it. That's bad for me and I don't want to extract it, because I need the user not to find it (B), and B must always be hidden. I have no problem extracting B. The best way for me is to run B from memory, not from the hard disk, and I want to know: is it possible? If yes, how? For example, if you consider that B is a picture attached to the end of A, I can show the picture without using the hard disk:

    var
      S: TMemoryStream;     { in-memory stream, so nothing is written to disk }
      f: file of byte;
      b: Byte;
    begin
      S := TMemoryStream.Create;
      AssignFile(f, ExtractFileName(Application.ExeName));
      Reset(f);
      { skip ahead until the start of B (the offset is not given here) }
      while not Eof(f) do
      begin
        Read(f, b);          { copy data from f to S }
        S.Write(b, 1);
      end;
      S.Position := 0;
      Image1.Picture.LoadFromStream(S);
    end;

{**********}
It can be done with DLLs, but it's a lot of work. The way the Windows loader works, it's impossible to load from memory. What you have to do is break the file format apart, fix up any DLL references, then jump to the start of the code.

As far as I know, it simply isn't possible to do this with an EXE, only with a DLL. You'll have to copy the exe to the temp folder, run it from there, and wait for the process to terminate before deleting the exe.
Quote:I want to execute an exe file from memory and not from disk, because I have the contents of the exe file in a stream in memory. If I write the contents to disk, other users can access it; I only want to run it from memory. Right now I have the exe file in a stream.


I do not think there is a documented way of doing that in Windows, so it will be very tricky to accomplish and unstable.

If you want to stop other users accessing the executable, you could simply disguise the executable. This will work on the vast majority of users. To do this, write the executable to disk as a file with a different extension. This way typical users will not be able to execute it by double-clicking on it in Explorer. They will have to rename it to .exe to do that, and most will not think of this.

If you write the executable to disk as filename.jpg, then users will think it is an image file. If they double-click to load it, the image viewer will fail to open it. They will just think it is a broken jpg. They will not realise it is an executable. Using a well-known extension lessens the likelihood that more savvy users will try and open it in Notepad, where they will see "This program cannot be run in DOS mode", which kind of gives the game away. For this reason, don't use an extension associated with a text viewer such as .txt or .log.

You can use CreateProcess to execute any file with any file extension, e.g.:

    #include <windows.h>
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi;
    si.cb = sizeof(STARTUPINFO);
    // filename.jpg is an executable
    if (CreateProcess("filename.jpg", NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
    {
        CloseHandle(pi.hThread);   // release the handles CreateProcess returned
        CloseHandle(pi.hProcess);
    }
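The defender's counterpart to the disguise described above is to look at the bytes rather than the extension: a PE image starts with the "MZ" DOS header and carries the "PE\0\0" signature at the offset stored in e_lfanew, whatever the file is called. This is an added example, not code from any poster; the two sample buffers (a PE stub saved as "photo.jpg" and a genuine JPEG header) are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Return 1 if buf holds a PE image (MZ header plus "PE\0\0" at e_lfanew),
 * regardless of the file's extension; 0 otherwise. */
int looks_like_pe(const unsigned char *buf, size_t len)
{
    if (len < 0x40)                          /* need the whole IMAGE_DOS_HEADER */
        return 0;
    if (buf[0] != 'M' || buf[1] != 'Z')      /* e_magic */
        return 0;
    /* e_lfanew is a little-endian 32-bit offset at 0x3C */
    uint32_t e_lfanew = (uint32_t)buf[0x3C] | ((uint32_t)buf[0x3D] << 8) |
                        ((uint32_t)buf[0x3E] << 16) | ((uint32_t)buf[0x3F] << 24);
    if (e_lfanew > len - 4)                  /* signature must lie inside the buffer */
        return 0;
    return memcmp(buf + e_lfanew, "PE\0\0", 4) == 0;
}

/* Constructed sample: a minimal PE stub that someone saved as "photo.jpg". */
int sample_disguised_is_pe(void)
{
    unsigned char buf[0x44] = {0};
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x40;                        /* e_lfanew: right after the DOS header */
    memcpy(buf + 0x40, "PE\0\0", 4);
    return looks_like_pe(buf, sizeof buf);
}

/* Constructed sample: the first bytes of a real JPEG (SOI marker + JFIF APP0). */
int sample_real_jpeg_is_pe(void)
{
    static const unsigned char jpg[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10,
                                         'J', 'F', 'I', 'F', 0x00 };
    return looks_like_pe(jpg, sizeof jpg);
}

int main(void)
{
    printf("photo.jpg (disguised): %s\n", sample_disguised_is_pe() ? "PE" : "not PE");
    printf("real JPEG header:      %s\n", sample_real_jpeg_is_pe() ? "PE" : "not PE");
    return 0;
}
```

The e_lfanew bounds check matters: a truncated or malformed header must not send the signature read past the end of the buffer.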
https://www.joachim-bauch.de/tutorials/load_dll_memory.html/en
Quote:Original post by Anonymous Poster
https://www.joachim-bauch.de/tutorials/load_dll_memory.html/en

It can load a procedure of a DLL in memory and then call the procedure, but I don't need that. I need to execute an exe file. The exe file is not mine, so I can't turn it into a procedure and then a DLL. For example, maybe the exe file is Notepad; how can I make Notepad into a procedure of a DLL?! It's impossible.


You could look inside the source of UPX and see how they do it, considering they specialize in that sort of thing.
Actually, now that I think about it, once you map the EXE into memory, all you should have to do is ensure the DLL functions have been imported properly, then simply jump into the EXE's entry point...

Edit: Which is pretty much what Evil Steve said anyway. :)
An exe and a dll are both PE files. It seems to me that the trick would be to invoke the system routines that launch a process, employing the file image from memory where required, and that's some pretty low-level coding - definitely not beginner-level programming.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote:Original post by bpoint
You could look inside the source of UPX and see how they do it, considering they specialize in that sort of thing.

UPX is an exe compressor; can it run an exe from memory?

Quote:Original post by bpoint
Actually, now that I think about it, once you map the EXE into memory, all you should have to do is ensure the DLL functions have been imported properly, then simply jump into the EXE's entry point...


The kernel has to set up the virtual memory space for the process among other things before passing execution on to the thread for the new process. There are instances of special kernel structures for every process and every thread. Google on EPROCESS, ETHREAD, KPROCESS and/or KTHREAD to get a peek at what these structures look like. Mark Russinovich's book "Inside Windows 2000" explains what happens when a process is created. Other books examine disassembly listings of aspects of the launch process. It's not for the faint of heart or the novice programmer.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
