We help IT Professionals succeed at work.

Execute Memory Mapped File

npatel
npatel asked
on
I have a compressed Exe file, which I will extract to a normal executable file on a hard drive. I would like to extract the file as a Memory Mapped File and execute it without closing the mapped file.

Reason:  The executeable will not be detectable and leaves not traces of its existance. Only the original compressed file remains.

Has anyone tried this or is there another method.
Comment
Watch Question

Commented:
I think you should rather forget this idea, I'm sorry, it's much too difficult. You would need to do countless hacks, even different hacks in win9x and winNT. Better look for other alternatives...   :-(

Regards, Madshi.

Author

Commented:
Looking for alternatives?

Commented:
Why can't you simply extract the file on harddisk and start it totally normally with e.g. CreateProcess? You can wait until it is finished and then delete the file on the harddisk again. What exactly is the problem with that?

Author

Commented:
The process is to provide a secure method of executing a restricted program, that only authorized users can use. If I extract a copy of the restricted program to a normal file , It could be left intact by a simple power off of the PC.

This is why I wanted to try Memory Mapped Files or Something similar.

Regards, Navin
Commented:
No problem. You can make sure that the file gets deleted automatically with the next reboot.

winNT family (NT4, 2k, XP):
MoveFileEx('c:\your.exe', nil, MOVEFILE_DELAY_UNTIL_REBOOT);

win9x (95, 98, ME):
Edit the "c:\windows\wininit.ini" file, it must look like this:

[RENAME]
NUL=c:\your.exe

The wininit.ini only supports 8.3 filename syntax, MoveFileEx also supports long file names.

Regards, Madshi.

Author

Commented:
Simple, and I like simple.

I will try this.

Thanks,