becoolnike
asked on
Is there a way to execute data without saving it to a file and then executing it?
I have researched all over the net and found nothing.
I want something like, if it is possible, to execute data:
load data into memory and then execute it as if it were a .exe file.
Something like:
data : string;
data:='MZP................ .....@.... .......... .......... .......... .......... ...!..L.!. .This program must be run under Win32..$7................. .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .........P E..L....^B *......... ........<. ..h....... I.......P. ...@...... .......... .......... ./........ .......... @......... .......... ........@. .:0....... .......... .......... ....e..... .......... .......... .......... .......... .......... .......... .......... .......COD E....@:... ....<..... .......... ... ..`DATA.....<...P...<...@. .......... ...@...BSS .......... ........|. .......... ........id ata..:0... @...2...|. .......... ...@....tl s......... .......... .......... ........rd ata....... .......... .......... ...@..P.re loc...e... ....f..... .......... ...@..P.rs rc........ .......... .......... ...@..P... .......... ./.......- .......... ...@..P... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .........@ ...Boolean .......... .@..False. True.@.,.@ ...WideCha r......... .'
executeDataIntoMemory(data);
500 points!!
You could save the data to a temporary file and then use ShellExecute to run it.
Actually you can :D But it's dirty and hard work to do.
In the old days this would have been no problem, but nowadays it's a hell of a big problem. Why? Because of the "buffer overrun". There are a lot of fixes for that in operating systems and now even in processors (I read somewhere that AMD is putting some execute bit flag for the memory into their 64bit processors).
In general use, you have 2 possibilities:
- using WriteProcessMemory (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/writeprocessmemory.asp) (and you put the data into the process memory of your executing program ... stinky :) )
- using ASM (playing with the IP register ;) )
The hard stuff is that you will have to control everything related to that memory so that the OS can cope with it. That means you need to have a lot of knowledge about how the OS is working with: memory, code, data, etc.
The basic sketch is like this:
- load the data into memory
- have a type: myproc = procedure;
- initialize a variable of that type to the address of the data to be executed
- run the variable
ex:
type
  myf = procedure;

procedure a;
var
  b: myf;
begin
  b := addr(a);   { b now holds the address of procedure a }
  beep;
  sleep(1000);
  b;              { call through the procedural variable (here a calls itself again) }
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  a;
end;
but you will point b to the beginning of the loaded data (which must be a procedure of the declared form, in this case "procedure myprocedure; begin end;" or something).
Of course, you will not be able to execute programs like this (exe files, etc) because you must first parse the executable and load it into memory just as the OS does, and only after that can you change the IP register to point to the beginning of the program to be executed. Dirty stuff.
If you succeed in implementing it, give us a post ;)
Good Luck.
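A way to look at the headers the reply above says the OS loader has to parse, and at the NX/DEP opt-in flag it mentions, without executing anything. This is an added example in Python, not code from the thread; the minimal PE32 header it inspects is constructed inline for demonstration and contains no code.

```python
"""Parse the DOS/PE headers of an image held in a byte buffer and report the
loader-relevant facts: machine, entry point RVA, image base, and whether the
image opts into DEP/NX and ASLR via DllCharacteristics. Nothing is executed."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D                      # 'MZ'
IMAGE_NT_SIGNATURE = 0x00004550                   # 'PE\0\0'
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040    # ASLR-aware
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100       # DEP/NX-compatible

def inspect_pe(data: bytes) -> dict:
    """Return header facts for the PE image in data; raise ValueError if it is not one."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of the NT headers
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature
    machine, _nsect, _stamp, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                       # IMAGE_OPTIONAL_HEADER
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    return {
        "machine": machine,
        "pe32plus": magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC,
        "entry_point_rva": entry_rva,
        "image_base": image_base,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }

def build_header(dll_chars: int) -> bytes:
    """Constructed minimal PE32 header (headers only, no sections) for demonstration."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x0102)  # i386, PE32 opt size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + file_hdr + bytes(opt)

if __name__ == "__main__":
    for name, flags in (("legacy image", 0), ("NX+ASLR image", 0x0140)):
        print(name, inspect_pe(build_header(flags)))
```

An image whose DllCharacteristics lacks NX_COMPAT is exactly the kind the "execute bit" discussed above was introduced to constrain, so this flag is worth checking before any loader (the OS's or otherwise) touches the bytes.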
ASKER
I've heard about shellcodes, I'm not sure what that is.
When you say "shellcodes" are you referring to "ShellExecute"?
No, he means something that is based on (is using) something from the "low level" techniques I wrote about above.
see more here: http://en.wikipedia.org/wiki/Shellcode
Here's an example of how to do what I said in my previous post:
=====
Pas file
=====
unit main;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ShellApi;

type
  TForm2 = class(TForm)
    btnRun: TButton;
    btnSetData: TButton;
    Label1: TLabel;
    memData: TMemo;
    dlgOpen: TOpenDialog;
    procedure btnSetDataClick(Sender: TObject);
    procedure btnRunClick(Sender: TObject);
  end;

var
  Form2: TForm2;
  Data: array of byte;   { raw bytes of the selected .exe }

implementation

{$R *.dfm}

{ Read the chosen file into Data and show a printable copy in the memo }
procedure TForm2.btnSetDataClick(Sender: TObject);
var
  f: TFileStream;
  s: string;
  i: integer;
begin
  if dlgOpen.Execute then
  begin
    f := TFileStream.Create(dlgOpen.FileName, fmOpenRead);
    try
      f.Seek(0, soFromBeginning);
      SetLength(Data, f.Size);
      f.Read(Data[0], f.Size);
      SetLength(s, f.Size);
      Move(Data[0], s[1], f.Size);
      for i := 1 to f.Size do
        if s[i] = #0 then s[i] := ' ';   { a #0 would cut the memo text short }
      memData.Text := s;
    finally
      f.Free;
    end;
  end;
end;

{ Write Data back out to a temporary .exe beside the program and launch it }
procedure TForm2.btnRunClick(Sender: TObject);
var
  f: TFileStream;
  exe: string;
begin
  if Length(Data) = 0 then
    raise Exception.Create('Data variable not yet loaded');
  { ExtractFilePath already ends with a backslash }
  exe := ExtractFilePath(ParamStr(0)) + 'Temp.exe';
  if FileExists(exe) then DeleteFile(exe);
  f := TFileStream.Create(exe, fmCreate);
  try
    f.Position := 0;
    f.Write(Data[0], Length(Data));
  finally
    f.Free;
  end;
  ShellExecute(0, PChar('open'), PChar(exe), nil, PChar(ExtractFilePath(exe)), SW_SHOW);
end;

end.
dfm file
=====
object Form2: TForm2
Left = 192
Top = 114
Width = 696
Height = 480
Caption = 'Form2'
Color = clBtnFace
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'MS Sans Serif'
Font.Style = []
OldCreateOrder = False
DesignSize = (
688
446)
PixelsPerInch = 96
TextHeight = 13
object Label1: TLabel
Left = 8
Top = 48
Width = 89
Height = 13
Caption = '"Data" variable'
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'MS Sans Serif'
Font.Style = [fsBold]
ParentFont = False
end
object btnRun: TButton
Left = 168
Top = 8
Width = 153
Height = 25
Caption = 'Run app from "data" variable'
TabOrder = 0
OnClick = btnRunClick
end
object btnSetData: TButton
Left = 8
Top = 8
Width = 153
Height = 25
Caption = 'Set "data" variable'
TabOrder = 1
OnClick = btnSetDataClick
end
object memData: TMemo
Left = 8
Top = 64
Width = 673
Height = 377
Anchors = [akLeft, akTop, akRight, akBottom]
TabOrder = 2
end
object dlgOpen: TOpenDialog
DefaultExt = '*.exe'
FileName = '*.exe'
Filter = 'Executable files (*.exe)|*.exe'
Title = 'Select file to set "Data" variable to'
Left = 368
Top = 16
end
end
Kind regards
Pierre
1. Maybe...how are your assembler skills? :-)
If you output 'assembled code', you can transfer execution to this executable.
Note: assembled code is the binary load module of ASM statements
2. If you are working with the .Net framework, you can output statements in any
acceptable language and compile it or output IL code and compile it. Both of these
methods would invoke the JIT compiler, usually launched from a command prompt,
via a ShellExecute method.
3. If you are running on an NTFS partition, you can output the executable module
to a hidden NTFS stream (special folder).
4. If you have access to a RAMdisk (in-memory disk area), you could load the executable
module there.
5. You can use the Microsoft java scripting object to execute VB script code on-the-fly
at interpretation speeds.
6. You can use one of the Delphi scripting/macro engines to execute some Delphi statements
on-the-fly at interpretation speeds.
someone said: with computer nothing is impossible
so, it's possible, look at this example:
http://www.geocities.com/deltaaziz/expert/exec1.zip
All credit goes to Aphex, author of the original source code.
This is my first post :) and i want the 500 points :)
Regards
DeltaAziz
DeltaAziz,
Very interesting. What does the DLL do? There is very little documentation
in your linked zip file.
Trying to understand this, I did encounter a VB project that uses some of
Aphex's work to delete a running executable.
http://www.pscode.com/vb/scripts/ShowCode.asp?txtCodeId=44907&lngWId=1
I would like to understand the 'magic', since part of your link uses a file and
the question seems to preclude file use.
Hi again!
The DLL executes the program in memory after doing some fixes,
and the Pro.exe can be included in the test file as Data...
Ok, here is another example:
http://www.geocities.com/deltaaziz/expert/exec2.zip
It's really a nice piece of code, to use in a protection for example,
and I'm still waiting for my 500 points :)
Regards
DeltaAziz
Well, the one who asked this question put 500 points
but after looking at his profile, "becoolnike" has 0 points!!!
DeltaAziz,
The points you saw on the questioner's profile are expert points, those earned from
answering questions asked by others. These expert points are different from the
points one uses to award to those of us who answer their questions. The system
at Experts-Exchange.com is supposed to prevent question askers from over-committing their points.
aikimark,
thank you for enlightening me,
try the second example
Regards
DeltaAziz
DeltaAziz,
You're welcome.
I'm too paranoid to try either of your examples without compiling the
deltaaziz.dll from its source or downloading from some trusted location,
such as SourceForge or Programmersheaven or Torry's (etc.).
As a general rule, Experts-Exchange.com likes to work at the source
level rather than at the executable level.
ASKER
Wow, it seems it's possible. It's not fully commented at all, just a piece of source.
The data array seems to hold the exe data.
I'd like to know what kind of translation the data was created with; it seems to be neither hex nor binary code.
Hi
Read your question:
"like load data into the memory and then execute like is was it a .exe file."
That's what Example 1 does: just load a file and execute it in memory.
In example 2 the EXE file is included as an array; it's just a plain copy of each byte from the file into the array.
Data: array [1..XXX] of byte
where XXX is size of EXE file.
in your question you wrote:
data : string;
data:='MZP.............';
I've not used Data as a String because the EXE may contain special characters like ' which cause problems.
In short, you just need a Pointer, Get/Alloc some memory, load your EXE into that memory, pass your Pointer to the procedure in DeltaAziz.Dll and that's all.
and I'm still waiting for my first points :)
Regards
DeltaAziz
ASKER
The only thing left to finish with this post is for it to be answered well.
Just give me the author of the dll, or say if the dll is open source.
Because your answer is still not pro.
anyways if u dont know ill give u the points.
thank u.
ASKER CERTIFIED SOLUTION
ASKER
thank u .
I remember someone who said in some post that this wasn't possible.
I've learned something. Thanks.
I've participated in another discussion or two here at Experts-Exchange that asked similar
questions. No one knew how to do it, so we assumed it couldn't be done without
creating your own PE loader (which seemed VERY DIFFICULT).
Hi
You are welcome,
I'm happy that it helps,
also happy because it's my first post/point.
This site is Great
DeltaAziz, are you still here? I need to contact you if possible.
send a mail to oscar@crytek.de thx.
Hi dMa
yeah i'm still alive
i just wrote you an e-mail: DeltaAziz*Gmail*com
@DeltaAziz
If you are still around, can you please post a working sample of the solution that you have posted here?
It is *not* possible, unless of course the "data" is some form of script that your program would interpret.