how to exec exe file from resource

[kidteam]

i'm attach a file exam.exe file to minefile.exe

how to exec exam.exe

[Vortex]

Hi kidteam,

Here is an example for you :

Code Select Expand


include     ExtractRsrc.inc

.data

szRsrc      db '#100',0
szFileName  db 'Dlgbox.exe',0

.code

start:

    invoke  FindResource,0,ADDR szRsrc,RT_RCDATA
    invoke  LoadResource,0,eax
    invoke  LockResource,eax
    invoke  WriteFileToDisc,ADDR szFileName,eax,SIZEOF_BINARY_DATA
    invoke  WinExec,ADDR szFileName,SW_SHOW
    invoke  ExitProcess,0

    include WriteFileFunc.asm

END start

[attachment deleted by admin]

[Slugsnack]

WinExec should/could be replaced by CreateProcess/ShellExecute since it's only provided for 16-bit compatibility

[hutch--]

I know the theory but WinExec() is reliable and not as fussy as CreateProcess(), especially when it comes to paths.

[kidteam]

can you help me
i don't want to extract to disk
i want to exec from memory

[hutch--]

The only person I knew who bothered to make a tool to do this was Jeremy Collake about 10 years ago and while it worked some of the time there were enough instances where it did not and it has to do with how the OS sets up and runs executable files. Try to load an EXE from a running EXE and your first problem is it wants to load at the same address. Next trick is you have to be able to dynamically change the entire PE header offsets to match the load address you have used.

Effectively even if you are very advanced and can write code like this, the procerss is unreliable as the OS is not designed to do it. I wouold suggest that you seek another program/application design that does not require non-system supported techniques.

The other factor is the technique you are trying to learn can be used to stealth load a trojan, virus or malicious code, this is generaly why someone wants to avoid a tracable event like a disk write and running the code as a seperate executable.

The thread is closed.