Code: Select all
; ------------
; second app included
; ------------
DataSection
SecondaryApp : IncludeBinary "SecondaryApp.exe"
EndDataSection Is it possible to launch this second EXE ?
can PB launch a included EXE file ?
can PB launch a included EXE file ?
Is it possible to launch this second EXE ?
win10 x64 5.72 | IDE | PB plugin | Tools | Sprite | JSON | visual tool
Yes, it's pretty easy if it is okay for you to first write the file back on the harddisk.
Change your DATASECTION-CODE to something like this :
Then you could write it back to harddisk with :
And then just run it with the RunProgramm Command.
It is possible to start it directly from memory - however this is going to be rather tricky and I have no clue :roll:
Change your DATASECTION-CODE to something like this :
Code: Select all
; ------------
; second app included
; ------------
DataSection
SecondaryAppStart:
IncludeBinary "SecondaryApp.exe"
SecondaryAppEnd:
EndDataSection
Code: Select all
If CreateFile(0, "C:\SecondaryApp.EXE")
WriteData(?SecondaryAppStart, ?SecondaryAppEnd - ?SecondaryAppStart)
CloseFile(0)
Else
MessageRequester("Error", "Could not install the file - Installtion failed")
EndIf
It is possible to start it directly from memory - however this is going to be rather tricky and I have no clue :roll:
Last edited by benny on Sun May 30, 2004 5:21 am, edited 1 time in total.
regards,
benny!
-
pe0ple ar3 str4nge!!!
benny!
-
pe0ple ar3 str4nge!!!
Thx Benny.
It would be better if the EXE is launched in memory.
I've found Seldon's article but it's too advance coding skill for me :roll:
What can I do with this memory pointer ?
It would be better if the EXE is launched in memory.
I've found Seldon's article but it's too advance coding skill for me :roll:
What can I do with this memory pointer ?
Code: Select all
resID.l=1 ;-> number of resource
hResInfo=FindResource_(#NULL,resID,#RT_RCDATA)
If(hResInfo)
hData=LoadResource_(#NULL,hResInfo)
If(hData)
lpData=LockResource_(hData)
If(lpData)
AllocateMemory(1,8000,0) ;-> your needed size
lg=UnpackMemory(lpData,UseMemory(1))
;...
;...
EndIf
EndIf
EndIf
;======================================
;To compile (by Microsoft's RC) the RES file, I use this source:
1 RCDATA
BEGIN
#include "secondApp.exe"
End
-
eriksradio
- User
- Posts: 30
- Joined: Tue Sep 09, 2003 11:44 pm
- Location: Queensland, Australia
If you ever find out how, please let me know.
I saw some weird things done in VB which I could not understand.
The idea to allow a program to run after lodinng into memopry was to first load a fake program and run it. This fake could be just nulls and also has to be the exact size of the exe which it is desired to run. This fake program is then overwritten by the desired program from memory, and it is claimed the new program will run.
I have seen a post here which alters a running program and could do this.
Maybe it gives a few ideas but seems too simple to be true.
I saw some weird things done in VB which I could not understand.
The idea to allow a program to run after lodinng into memopry was to first load a fake program and run it. This fake could be just nulls and also has to be the exact size of the exe which it is desired to run. This fake program is then overwritten by the desired program from memory, and it is claimed the new program will run.
I have seen a post here which alters a running program and could do this.
Maybe it gives a few ideas but seems too simple to be true.
Hi!
I know, i know, a bit old, but i was just reading posts from PB forums and saw this.
Well it got my attention. Can anyone tell me if this is possible(load an exe in memory and run it)? I don't know, but i've heard of GetProcAddress, can i use it run and exe loaded in memory?
Just curiosity, if somebody knows i would like to hear some explanation by some kind.
Thanks
xgp
I know, i know, a bit old, but i was just reading posts from PB forums and saw this.
Well it got my attention. Can anyone tell me if this is possible(load an exe in memory and run it)? I don't know, but i've heard of GetProcAddress, can i use it run and exe loaded in memory?
Just curiosity, if somebody knows i would like to hear some explanation by some kind.
Thanks
xgp
> The idea to allow a program to run after lodinng into memopry was to first
> load a fake program and run it. This fake could be just nulls and also has
> to be the exact size of the exe which it is desired to run. This fake program
> is then overwritten by the desired program from memory, and it is claimed
> the new program will run
Sounds like a hoax to me. How can you run something made up of nulls?
Also, even if possible, this is still not running it from memory because you'd
have to save it to disk first to run it, otherwise you'd just run the null app
from memory in the first place, so why not just run the exe that way instead?
> load a fake program and run it. This fake could be just nulls and also has
> to be the exact size of the exe which it is desired to run. This fake program
> is then overwritten by the desired program from memory, and it is claimed
> the new program will run
Sounds like a hoax to me. How can you run something made up of nulls?
Also, even if possible, this is still not running it from memory because you'd
have to save it to disk first to run it, otherwise you'd just run the null app
from memory in the first place, so why not just run the exe that way instead?
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
"PureBasic won't be object oriented, period" - Fred.
http://www.security.org.sg/code/loadexe.html
that is POC of how to load exe to directly to memory from another exe where its inside... |:
but im more interested about how to "inject" complete exe or just portions of its code into another process... |: there was example how to inject dll to another process but thats not what im looking for...
that is POC of how to load exe to directly to memory from another exe where its inside... |:
but im more interested about how to "inject" complete exe or just portions of its code into another process... |: there was example how to inject dll to another process but thats not what im looking for...
-
dracflamloc
- Addict
- Posts: 1648
- Joined: Mon Sep 20, 2004 3:52 pm
- Contact:
> it'd be neat to figure this out
I've seen this request many times both here and in VB/C forums, and I've
yet to see a workable solution. Personally, I don't believe it can be done.
(There's a lot of "try this, do that" but NEVER an example source that one
can test for themself and get an immediate result).
I've seen this request many times both here and in VB/C forums, and I've
yet to see a workable solution. Personally, I don't believe it can be done.
(There's a lot of "try this, do that" but NEVER an example source that one
can test for themself and get an immediate result).
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
"PureBasic won't be object oriented, period" - Fred.
well i dunno what way they do it, but here is a way to build an executable encryptor: http://sandsprite.com/CodeStuff/Build_y ... ypter.html
> isn't this the way that packers like UPX and others act?. They embedd the
> application we want in a stub/loader that decompresses the data(our exe,
> dll) in memory and run it?
Interesting theory, so I tested it -- and no, UPX decompresses the exe to the
Windows Temp folder before running it. I used FileMon to watch for what files
were created in Temp when I launched my app that was compressed with
UPX, and it showed a file with the same byte-size as my uncompressed app
being created there. I then decompressed the app and launched it again,
and nothing was seen in Temp this time. So, it doesn't run it from memory.
> application we want in a stub/loader that decompresses the data(our exe,
> dll) in memory and run it?
Interesting theory, so I tested it -- and no, UPX decompresses the exe to the
Windows Temp folder before running it. I used FileMon to watch for what files
were created in Temp when I launched my app that was compressed with
UPX, and it showed a file with the same byte-size as my uncompressed app
being created there. I then decompressed the app and launched it again,
and nothing was seen in Temp this time. So, it doesn't run it from memory.
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
"PureBasic won't be object oriented, period" - Fred.