How can I run an executable from RAM using C++?

一整个雨季 2021-02-09 06:42


The executable is in RAM, and I know the address, how do I call into the program from mine?

5 Answers
  • 2021-02-09 07:01

    The same way you would run it from disk. Your program doesn't know whether it's already loaded (i.e. in RAM) or on disk. This is abstracted away by the operating system.

  • 2021-02-09 07:04

    This sort of thing normally comes out of the dark corners of the world. ;-)

    In combination with tools like Metasploit it would be great to create a process just out of RAM, and so a couple of guys tried to reimplement all the stuff that happens down in CreateProcess(). After a while they found out that it is much too complex (see this PDF, page 12f) to get this to work, so they tried to find another solution, and here it is: They call a normal CreateProcess() with a common program (e.g. notepad.exe), but they start it with ThreadSuspended. Then they injected a new thread into this process, which will be filled up from memory. Afterwards they told this thread to run and so they got a new process filled from memory.

    So this is just the big picture, and it is a whole mess (and normally not the right way) to do this stuff. If you're really interested in this part, then you have an idea to search for.

    And by the way, don't think you can do this in C#. This is normally done in C/C++ or even Assembler...

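From the defender's side, the sequence described in the answer above (a process created by its parent, a new thread injected into it by that same parent, then resumed) shows up as a process-creation event followed almost immediately by a remote-thread event from the parent. The following is an added example, not part of the original answers: it assumes Sysmon-style telemetry (Event ID 1 and Event ID 8 field names), and the events, GUIDs and the function name `find_parent_injections` are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"
NOTEPAD = r"C:\Windows\System32\notepad.exe"

# Constructed events using Sysmon field names: ID 1 = ProcessCreate,
# ID 8 = CreateRemoteThread. GUIDs, paths and times are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2021-02-09 07:00:01.000", "ProcessGuid": "{B}",
     "ParentProcessGuid": "{A}", "Image": NOTEPAD},
    {"EventID": 8, "UtcTime": "2021-02-09 07:00:01.250",
     "SourceProcessGuid": "{A}", "TargetProcessGuid": "{B}"},
    # Child that its parent never touches: must not be flagged.
    {"EventID": 1, "UtcTime": "2021-02-09 07:00:02.000", "ProcessGuid": "{C}",
     "ParentProcessGuid": "{A}", "Image": r"C:\Windows\System32\calc.exe"},
    # Remote thread from an unrelated process, minutes later: not flagged.
    {"EventID": 8, "UtcTime": "2021-02-09 07:10:00.000",
     "SourceProcessGuid": "{D}", "TargetProcessGuid": "{C}"},
]


def find_parent_injections(events, window=timedelta(seconds=5)):
    """Return children that received a remote thread from their own parent
    within `window` of being created."""
    created = {}  # ProcessGuid -> (creation time, parent GUID, image path)
    hits = []
    timed = sorted(((datetime.strptime(e["UtcTime"], FMT), e) for e in events),
                   key=lambda pair: pair[0])
    for when, ev in timed:
        if ev["EventID"] == 1:
            created[ev["ProcessGuid"]] = (when, ev["ParentProcessGuid"], ev["Image"])
        elif ev["EventID"] == 8 and ev["TargetProcessGuid"] in created:
            born, parent, image = created[ev["TargetProcessGuid"]]
            if ev["SourceProcessGuid"] == parent and when - born <= window:
                hits.append({"child": ev["TargetProcessGuid"], "image": image,
                             "parent": parent,
                             "delay_ms": (when - born) // timedelta(milliseconds=1)})
    return hits


if __name__ == "__main__":
    for hit in find_parent_injections(SAMPLE_EVENTS):
        print(hit)
```

Debuggers and some security products also create threads in processes they start, so hits from this correlation are leads to triage against an allowlist, not verdicts.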
  • 2021-02-09 07:11

    Maybe this could help you: http://www.codeproject.com/Articles/13897/Load-an-EXE-File-and-Run-It-from-Memory

    PS: Writing malware is not illegal (in most countries ;) ), using it is!

  • 2021-02-09 07:13

    You mean communicating with another application that is running at the same time as yours? That depends on which operating system you are using. In any case, Wikipedia has an article on Interprocess Communication, which shows some basic techniques.

  • 2021-02-09 07:18

    Do you mean that you have loaded the contents of the EXE file into RAM and now want to run that executable?

    Since you're talking about an EXE, I assume you're running under Windows. To my knowledge, Windows can't do this -- your only option is to save the executable back to a file and run that (using CreateProcess, for example).

    Edit: Here is how you would run the process.

    In C++:

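    #include <windows.h>

    int main()
    {
        // Use the ANSI variants explicitly so the narrow string literal
        // compiles whether or not UNICODE is defined.
        STARTUPINFOA si;
        PROCESS_INFORMATION pi;

        ZeroMemory(&si, sizeof(si));
        si.cb = sizeof(si);
        ZeroMemory(&pi, sizeof(pi));

        if (!CreateProcessA("myfilename.exe", NULL, NULL, NULL, FALSE, 0, NULL,
            NULL, &si, &pi))
        {
            // An error occurred; GetLastError() returns the reason
            return 1;
        }

        // Release the process and thread handles once they are not needed
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
        return 0;
    }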
    

    In C#:

    using System;
    using System.Diagnostics;
    
    Process.Start("myfilename.exe");
    