News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

how to exec exe file from resource

Started by kidteam, June 21, 2009, 06:42:38 AM

Previous topic - Next topic

kidteam

i'm attach a file exam.exe file to minefile.exe

how to exec exam.exe

Vortex

Hi kidteam,

Here is an example for you :


include     ExtractRsrc.inc

.data

szRsrc      db '#100',0
szFileName  db 'Dlgbox.exe',0

.code

start:

    invoke  FindResource,0,ADDR szRsrc,RT_RCDATA
    invoke  LoadResource,0,eax
    invoke  LockResource,eax
    invoke  WriteFileToDisc,ADDR szFileName,eax,SIZEOF_BINARY_DATA
    invoke  WinExec,ADDR szFileName,SW_SHOW
    invoke  ExitProcess,0

    include WriteFileFunc.asm

END start

[attachment deleted by admin]

Slugsnack

WinExec should/could be replaced by CreateProcess/ShellExecute since it's only provided for 16-bit compatibility

hutch--

I know the theory but WinExec() is reliable and not as fussy as CreateProcess(), especially when it comes to paths.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

kidteam

can you help me
i don't want to extract to disk
i want to exec from memory

hutch--

The only person I knew who bothered to make a tool to do this was Jeremy Collake about 10 years ago and while it worked some of the time there were enough instances where it did not and it has to do with how the OS sets up and runs executable files. Try to load an EXE from a running EXE and your first problem is it wants to load at the same address. Next trick is you have to be able to dynamically change the entire PE header offsets to match the load address you have used.

Effectively even if you are very advanced and can write code like this, the procerss is unreliable as the OS is not designed to do it. I wouold suggest that you seek another program/application design that does not require non-system supported techniques.

The other factor is the technique you are trying to learn can be used to stealth load a trojan, virus or malicious code, this is generaly why someone wants to avoid a tracable event like a disk write and running the code as a seperate executable.

The thread is closed.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php