Execute a win32 exe file from memory?

31 comments, last by Ahmadi 18 years ago
So, essentially you need to write a loader. Or figure out how to invoke windows' loader minus the part that loads from disk -> memory.

Maybe take a look at ReactOS?
Yes, basically write a loader - or figure out how to trick Windows into loading the exe from RAM. All the EPROCESS stuff I mentioned before is overkill. There's a description of an exploit of NtCreateProcess here, NT Syscalls insecurity (#5 out of 6), and a signature of the function here that might possibly lead to a solution. However, a parent process will still be needed - that is - some kind of loader would still need to be written.

This might help too: Interfacing the Native API in Windows 2000.

Be forewarned, this kind of tweaking could crash your system. Proceed at your own risk!
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote:Original post by LessBread
The kernel has to set up the virtual memory space for the process among other things before passing execution on to the thread for the new process. There are instances of special kernel structures for every process and every thread.

Yes, but I don't think all of that is necessary if you're just going to transfer control from your existing process into the new one.

I've constructed some (albeit very simple) PE executables by hand with some compiled assembler that just prints out "Hello World" to the console, but the hardest part of getting that to work is updating the pointers in the import section to properly reference GetStdHandle and WriteConsole. Once those are in place, a jump into the main code _should_ just work properly.

Assuming the OP is not intending on actually spawning a new process while keeping his current one around, it shouldn't be that in-depth. Either way, this is definitely not an easy task. :)
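The loader sketch in the post above (map the image, fix up the imports, then jump to the entry point), as an added example that is not code from this thread. It is C without windows.h so that it runs anywhere: it builds a small PE32 image in memory (a constructed sample; its bytes, section names, RVAs, the KERNEL32.dll!WriteConsoleA import and the fake address returned by demo_resolver are all assumptions made for the demo), validates and maps the headers and sections with bounds checks, and then fills the import address table through a resolver callback. On Windows that callback would be GetProcAddress(LoadLibraryA(dll), func); what remains after it is VirtualProtect on each section and the call to img + AddressOfEntryPoint, which this example deliberately stops short of.

```c
/* Added example, not code from the thread: the portable core of a manual PE32 loader, run on a
 * constructed sample image (bytes, names and offsets in build_sample() and demo_resolver() are
 * assumptions made for the demo). On Windows the resolver is GetProcAddress(LoadLibraryA(dll), func),
 * then VirtualProtect per section and a call to img + AddressOfEntryPoint. Base relocations,
 * needed only when the image cannot be placed at ImageBase, are not handled here. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#pragma pack(push, 1)          /* on-disk PE32 layouts; pad[] covers fields this demo does not use */
typedef struct { uint16_t e_magic; uint8_t pad[58]; uint32_t e_lfanew; } DosHdr;
typedef struct { uint16_t Machine, NumberOfSections; uint8_t pad[12]; uint16_t SizeOfOptionalHeader, Flags; } FileHdr;
typedef struct { uint32_t VirtualAddress, Size; } DataDir;
typedef struct { uint16_t Magic; uint8_t pad1[14]; uint32_t AddressOfEntryPoint; uint8_t pad2[8];
                 uint32_t ImageBase, SectionAlignment, FileAlignment; uint8_t pad3[16];
                 uint32_t SizeOfImage, SizeOfHeaders; uint8_t pad4[28]; uint32_t NumDirs; DataDir Dir[16]; } OptHdr32;
typedef struct { char Name[8]; uint32_t VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData;
                 uint8_t pad[12]; uint32_t Characteristics; } SecHdr;
typedef struct { uint32_t OriginalFirstThunk, Stamp, Forwarder, Name, FirstThunk; } ImportDesc;
#pragma pack(pop)
enum { FILE_LEN = 0x600, DIR_IMPORT = 1 };
typedef uint32_t (*Resolver)(const char *dll, const char *func);
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }

/* Constructed sample: .text (RVA 0x1000) is "call [0x402030]; ret", a call through the IAT slot at
 * RVA 0x2030; .rdata (RVA 0x2000) holds an import table naming KERNEL32.dll!WriteConsoleA. */
static uint8_t *build_sample(void) {
    uint8_t *f = calloc(FILE_LEN, 1); if (!f) return NULL;
    DosHdr *dos = (DosHdr *)f; dos->e_magic = 0x5A4D; dos->e_lfanew = 64; memcpy(f + 64, "PE\0\0", 4);
    FileHdr *fh = (FileHdr *)(f + 68); fh->Machine = 0x14C; fh->NumberOfSections = 2;
    fh->SizeOfOptionalHeader = sizeof(OptHdr32);
    OptHdr32 *oh = (OptHdr32 *)(fh + 1); oh->Magic = 0x10B; oh->AddressOfEntryPoint = 0x1000;
    oh->ImageBase = 0x400000; oh->SectionAlignment = 0x1000; oh->FileAlignment = 0x200;
    oh->SizeOfImage = 0x3000; oh->SizeOfHeaders = 0x200; oh->NumDirs = 16;
    oh->Dir[DIR_IMPORT] = (DataDir){0x2000, 40};
    SecHdr *sh = (SecHdr *)(oh + 1);
    sh[0] = (SecHdr){".text", 0x10, 0x1000, 0x200, 0x200, {0}, 0x60000020};   /* code, read+exec */
    sh[1] = (SecHdr){".rdata", 0x60, 0x2000, 0x200, 0x400, {0}, 0x40000040};  /* data, read-only */
    memcpy(f + 0x200, "\xFF\x15\x30\x20\x40\x00\xC3", 7);
    uint8_t *rd = f + 0x400;                              /* raw .rdata; descriptor #2 stays zero */
    ImportDesc *id = (ImportDesc *)rd;
    id->OriginalFirstThunk = 0x2028; id->Name = 0x2050; id->FirstThunk = 0x2030;
    put32(rd + 0x28, 0x2040); put32(rd + 0x30, 0x2040);  /* INT and IAT entries -> hint/name pair */
    memcpy(rd + 0x42, "WriteConsoleA", 14);               /* 2-byte hint at 0x2040, then the name */
    memcpy(rd + 0x50, "KERNEL32.dll", 13);
    return f;
}

static const OptHdr32 *opt_hdr(const uint8_t *img) {
    return (const OptHdr32 *)(img + ((const DosHdr *)img)->e_lfanew + 4 + sizeof(FileHdr));
}

/* Validate headers, allocate SizeOfImage bytes, copy the headers and each section to its RVA. Every
 * file offset and RVA is bounds-checked first, so a crafted image cannot push a memcpy out of range. */
static uint8_t *map_image(const uint8_t *f, size_t len) {
    if (len < sizeof(DosHdr) || ((const DosHdr *)f)->e_magic != 0x5A4D) return NULL;
    uint64_t pe = ((const DosHdr *)f)->e_lfanew;
    if (pe + 4 + sizeof(FileHdr) + sizeof(OptHdr32) > len || memcmp(f + pe, "PE\0\0", 4)) return NULL;
    const FileHdr *fh = (const FileHdr *)(f + pe + 4);
    const OptHdr32 *oh = (const OptHdr32 *)(fh + 1);
    uint64_t hdr_end = pe + 4 + sizeof(FileHdr) + fh->SizeOfOptionalHeader + fh->NumberOfSections * 40ULL;
    if (oh->Magic != 0x10B || oh->SizeOfHeaders > len || hdr_end > oh->SizeOfHeaders ||
        oh->SizeOfHeaders > oh->SizeOfImage) return NULL;
    const SecHdr *sh = (const SecHdr *)((const uint8_t *)oh + fh->SizeOfOptionalHeader);
    uint8_t *img = calloc(oh->SizeOfImage, 1); if (!img) return NULL;
    memcpy(img, f, oh->SizeOfHeaders);
    for (int i = 0; i < fh->NumberOfSections; i++) {
        if ((uint64_t)sh[i].PointerToRawData + sh[i].SizeOfRawData > len ||
            (uint64_t)sh[i].VirtualAddress + sh[i].SizeOfRawData > oh->SizeOfImage) { free(img); return NULL; }
        memcpy(img + sh[i].VirtualAddress, f + sh[i].PointerToRawData, sh[i].SizeOfRawData);
    }
    return img;
}

static int cstr_in_image(const uint8_t *img, uint32_t rva, uint32_t limit) {   /* NUL inside image? */
    return rva < limit && memchr(img + rva, 0, limit - rva) != NULL;
}

/* Fill the IAT: for each imported function ask the resolver for an address and store it in the
 * FirstThunk slot that the EXE's "call [slot]" instructions read. Returns slots filled, or -1. */
static int resolve_imports(uint8_t *img, Resolver resolve) {
    const OptHdr32 *oh = opt_hdr(img);
    int n = 0; uint32_t limit = oh->SizeOfImage, i = oh->Dir[DIR_IMPORT].VirtualAddress;
    for (; (uint64_t)i + sizeof(ImportDesc) <= limit; i += sizeof(ImportDesc)) {
        const ImportDesc *d = (const ImportDesc *)(img + i);
        if (!d->Name) break;                                   /* all-zero descriptor ends the list */
        if (!cstr_in_image(img, d->Name, limit)) return -1;
        uint32_t lookup = d->OriginalFirstThunk ? d->OriginalFirstThunk : d->FirstThunk, thunk, addr;
        for (uint32_t k = 0;; k += 4) {
            if ((uint64_t)lookup + k + 4 > limit || (uint64_t)d->FirstThunk + k + 4 > limit) return -1;
            memcpy(&thunk, img + lookup + k, 4);
            if (!thunk) break;                                 /* zero thunk ends this DLL's list */
            if ((thunk & 0x80000000u) || !cstr_in_image(img, thunk + 2, limit)) return -1;  /* no ordinals */
            addr = resolve((const char *)img + d->Name, (const char *)img + thunk + 2);
            if (!addr) return -1;                              /* unresolved import: refuse to run it */
            put32(img + d->FirstThunk + k, addr); n++;
        }
    }
    return n;
}

/* Stand-in for GetProcAddress(LoadLibraryA(dll), func): knows one symbol and returns a fake address. */
static uint32_t demo_resolver(const char *dll, const char *func) {
    return !strcmp(dll, "KERNEL32.dll") && !strcmp(func, "WriteConsoleA") ? 0x7C8012A0u : 0;
}
```

Two caveats for a real EXE follow from the code: every import must resolve before the jump (the example returns -1 rather than leaving a zero IAT slot, which would become a crash at the first call into the DLL), and an image that carries a .reloc section and cannot be placed at its ImageBase also needs base relocations applied, which this example does not do.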
And I would venture a guess that the reason/purpose for wanting to do this doesn't justify the amount of effort needed to get it working.
@bpoint - yep - see my last post. [smile]

@RDragon1 - yep - not enough bang for the buck.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote:Original post by bpoint
Actually, now that I think about it, once you map the EXE into memory, all you should have to do is ensure the DLL functions have been imported properly, then simply jump into the EXE's entry point...

Edit: Which is pretty much what Evil Steve said anyway. :)

How can I jump into the EXE's entry point?
If it is possible, then I can jump without needing a DLL.
Do you have an example that shows me how I can jump into the EXE's entry point?
Because I need it.

Quote:Original post by LessBread
Yes, basically write a loader - or figure out how to trick Windows into loading the exe from RAM. All the EPROCESS stuff I mentioned before is overkill. There's a description of an exploit of NtCreateProcess here, NT Syscalls insecurity (#5 out of 6), and a signature of the function here that might possibly lead to a solution. However, a parent process will still be needed - that is - some kind of loader would still need to be written.

This might help too: Interfacing the Native API in Windows 2000.

Be forewarned, this kind of tweaking could crash your system. Proceed at your own risk!

NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL );
Can it work on a stream or other data structure in memory?
Also, is a process equal to the whole of an exe file? For example, maybe my exe is "Photoshop.exe"; can it also work?

Quote:Original post by RDragon1
So, essentially you need to write a loader. Or figure out how to invoke windows' loader minus the part that loads from disk -> memory.

Maybe take a look at ReactOS?

If you mean that a loader is a program that can load an exe from <storage> and execute it, then yes, I really need a loader.
I have no problem loading an exe file into memory; my problem is how I can tell the OS (operating system) to now run the exe file from my memory address, which can be in a stream.

Also, I cannot find your ReactOS; this is my Google try:
http://www.google.com/search?num=50&hl=en&lr=&q=loader+ReactOS+&btnG=Search
http://www.google.com/search?hl=en&q=+ReactOS&btnG=Google+Search
****************************************
***********My note for all:*************
****************************************
Some people ask me why I don't try some API commands such as CreateProcess or ...
I must say that all of the API instructions I know can only run an exe file from disk (cannot execute from disk).

Also some people say, "try to hide your exe file", for example change its extension to ".jpg" and then run it. I know that it is possible to run my exe with the .jpg extension without changing the extension back to .EXE:
CreateProcess("filename.jpg",NULL,NULL,NULL,false,0,NULL,NULL,&si,&pi);
Yes, it works,
but the user can easily find my exe by renaming it!!! (the user can change jpg to exe)
Because some of the EXEs that I want to execute from memory need the internet, if your firewall prompts that "filename.jpg" needs to access the internet, what do you think? You would really think that filename.jpg is an exe file, and that's not good for me.

Please help me solve my problem.
I really need code (or maybe a program) that can execute an EXE file from memory.
Also, if it's not possible,
please help me add some instructions to the start of an EXE file. I mean that if the user wants to run the exe file, my code lines run first.
Quote:Original post by Ahmadi
Can it work on a stream or other data structure in memory? Also, is a process equal to the whole of an exe file? For example, maybe my exe is "Photoshop.exe"; can it also work?


Not on a stream. The POBJECT_ATTRIBUTES parameter is a pointer to a data structure. A process is not equal to an exe file. The exe file is the program. The process is a static container that maintains the resources necessary for a thread to execute. Don't experiment with your photoshop.exe, stick to notepad.exe. If you screw anything up accidentally, you'll be glad it was notepad that died and not photoshop.

Honestly, from our conversation, it sounds to me that the endeavor exceeds your present abilities. Keep studying programming, learn as much as you can about the operating system, how it operates at a low level, learn as much as you can about x86 cpus, learn some assembly language, maybe even learn how to write device drivers and such and then you'll be ready to tackle a project like this one.

Here's a link to ReactOS. Download the source code and poke around through it. See if that's the kind of code that interests you.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
