Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I run an executable from RAM using C++?

Tags:

c++

windows

winapi

How can I run an executable from RAM using C++?

The executable is in RAM, and I know the address, how do I call into the program from mine?

like image 724
Armen Khachatryan Avatar asked Aug 27 '09 07:08

Armen Khachatryan

3 Answers

This sort of things comes normally out of the dark corners of the world. ;-)

In combination with tools like metasploit it would be great to create process just out of ram and so a couple of guys tried to reimplement all the stuff that happens down in CreateProcess(). After a while they just found out that it is much too complex (see this PDF site 12f) to get this to work and they tried to find another solution and here it is: They call a normal CreateProcess() with a common program (e.g. notepad.exe), but they start it with ThreadSuspended. Then they injected a new thread into this process, which will be filled up from memory. Afterwards they told this thread to run and so they got a new process filled from memory.

So this is just the big picture and it is a whole mess (and normally not the right way) to do this stuff. If you really interested in this part, then you have an idea to search for.

And by the way, don't think you can do this in C#. This is normally done in C/C++ or even Assembler...

like image 66
Oliver Avatar answered Oct 20 '22 04:10

Oliver

Do you mean that you have loaded the contents of the EXE file into RAM and now want to run that executable?

Since you're talking about an EXE, I assume you're running under Windows. To my knowledge, Windows can't do this -- your only option is to save the executable back to a file and run that (using CreateProcess, for example).

Edit Here is how you would run the process.

In C++:

STARTUPINFO si;
PROCESS_INFORMATION pi;

ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));

if(!CreateProcess("myfilename.exe", NULL, NULL, NULL, FALSE, 0, NULL, 
    NULL, &si, &pi ))
{
    // An error occurred
}

In C#:

using System;
using System.Diagnostics;

Process.Start("myfilename.exe");
like image 40
Martin B Avatar answered Oct 20 '22 05:10

Martin B

The same way you would run it from disk. Your program doesn't know whether it's already loaded (i.e. in RAM) or on disk. This is abstracted away by the operating system.

like image 1
grigy Avatar answered Oct 20 '22 05:10

grigy
Sign in to Comment

Related questions

How do you write a makefile for both clang and gcc?
Vector of elements containing std::threads
Creating a `std::chrono::time_point` from a calendar date known at compile time
Replacement for removed bind1st in C++17
What is the C++ equivalent of python collections.Counter?
Why I can declare a const reference using type-alias?
Connect two third party modules with "const char*" and "char*" arguments
How to construct an object either from a const reference or temporary via forwarding template
Unique pointer - Why is the destructor called 3 times
Issue: No package 'libcrypto' found
Find combination of string sentences - Combinations of frequency tables to target frequency table
Correctly over-loading a stringbuf to replace cout in a MATLAB mex file
c++ file io & splitting by separator
Is partial class template specialization the answer to this design problem?
SFTP C++ library? [closed]
Is there a TRACE statement for basic win32 C++?
What tools exist for comparing C++ code to coding guidelines? [closed]
Deterministic Random Number Streams in C++ STL
How to detect that a given PE file (exe or dll) is 64 bit or 32 bit
Run Code Before Every Function Call for a Class in C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!