
execute another application from program

Started by white scorpion, January 28, 2005, 11:56:47 PM


Peterpan

Vortex,

Sorry for the confusion. Let's not talk about VB (I'm not a VB guy either  :bg )

Going back to your example: if the file "test.exe" is not linked with the /FIXED:NO option, then there will be no relocations for the exe, right? Without them, pe-mem will crash. Now, how do I change pe-mem so it can call an executable (with/without relocations) properly?


Update:
BTW, I'm still reading this article. Can't quite understand it  :green
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndebug/html/msdn_peeringpe.asp

Thanks for your help

pbrennick

Peterpan,
Since the two of you are both using a third language to discuss a problem, I thought I might add my 'two cents.'

Since the exe that will be called needs to be loaded into the address space of the calling exe, relocation is a must.  I cannot see how it could work any other way.  Of course this is Vortex's specialty so maybe he knows a way but I doubt it.

Paul

Vortex

Hi Peterpan,

Paul's explanation is the right one: the child exe should be loaded into the address space of the main application; this is why the /FIXED:NO switch is required, which means relocation.


Peterpan

Pbrennick & Vortex,

I guess I did not make myself clear from the beginning. Hope this makes it clearer.

I know that a relocation is a MUST once the program is loaded into memory. My real question is how to relocate a program that doesn't have a relocation section.

OK. I've been playing around. So here is a brute-force technique (I guess  :toothy ). This example works with or without /FIXED:NO. Also, the child exe is loaded from a resource (embedded into the loader). However, it only works for a child exe written in ASM. It still doesn't work for a child exe from an HLL.

Now, if anyone has any more ideas on how to make this work for any kind of "child exe", and in a more proper way, that would be great  :U

[attachment deleted by admin]

pbrennick

Since the only reason that one needs to force a relocation of an exe is because they do not own the source and since this topic is now showing how to hijack an exe, I am locking this topic.

Peterpan, please do not post any more questions about this method.

Paul

hutch--

I have re-opened this topic because it is applicable to a number of tasks which are perfectly legal.

As usual we expect postings to remain in legal territory and will remove them if they are not.

Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Vortex

Peterpan,

What exactly are you trying to do?

What would you like to achieve using Chetnik's method?

tenkey

Quote from: Peterpan on May 31, 2005, 11:51:52 PM
I know that a relocation is a MUST once the program is loaded into memory. My real question is how to relocate a program that doesn't have a relocation section.

The real answer is that an EXE file with relocations stripped is (deliberately) not supposed to be relocated. The relocation or "binding" has already been performed.

It can only be relocated if the relocation information is supplied externally, the code is self-relocating, or there are no addresses that need relocation.

Addresses that need relocation appear in two primary forms.

1) References in executable code to .DATA (or equivalent like .DATA? and .CONST) locations.

add eax,[GlobalVariable]        ; disp32 holds the absolute address of GlobalVariable
mov [GlobalData],eax            ; same: an absolute disp32 in the instruction
mov eax,OFFSET GlobalXYZ        ; imm32 is an absolute address
push GlobalStructure.xyzField   ; absolute disp32 again

2) Address constants in tables or pointer variables

DWORD Function1, Function2, Function3   ; every entry is an absolute address
DWORD String1, String2, String3         ; so each one needs a fixup when the image moves

Labels used in JMPs and CALLs normally use position-independent displacements. However, the setup for indirect jumps and calls may use OFFSETs, and they need relocation.

mov eax,OFFSET FunctionX   ; the imm32 is absolute, so it needs a fixup
call eax                   ; the indirect call itself needs none

A programming language is low level when its programs require attention to the irrelevant.
Alan Perlis, Epigram #8
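As an added illustration of tenkey's two cases (this is my own example, not code posted in the thread and not the pe-mem loader under discussion): a Python script that, given an image already laid out by RVA the way a memory loader maps it, first does the check a loader must do before moving an image (the IMAGE_FILE_RELOCS_STRIPPED flag in the file header and the base relocation data directory) and then walks the .reloc blocks and applies the HIGHLOW/DIR64 fixups. The image it operates on is constructed inside the script: a minimal PE32 header plus one page holding a "mov eax, OFFSET x" immediate and a two-entry DWORD pointer table, with a flag variant standing in for an exe linked without relocations. Function names such as build_sample_image and read_u32 are mine; the constants are the standard winnt.h values.

```python
import struct

# Constants from winnt.h; the values are the standard ones, not assumptions.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
IMAGE_REL_BASED_ABSOLUTE = 0
IMAGE_REL_BASED_HIGHLOW = 3
IMAGE_REL_BASED_DIR64 = 10
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def read_u32(image, rva):
    return struct.unpack_from("<I", image, rva)[0]


def parse_headers(image):
    """Pull the few header fields a relocation pass needs from an image laid out by RVA."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = read_u32(image, 0x3C)                       # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = pe + 4                                      # IMAGE_FILE_HEADER
    characteristics = struct.unpack_from("<H", image, fh + 18)[0]
    opt = fh + 20                                    # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == PE32_MAGIC:                          # ImageBase: 4 bytes at +28, directories at +96
        base_off, base_fmt, dd = opt + 28, "<I", opt + 96
    elif magic == PE32PLUS_MAGIC:                    # ImageBase: 8 bytes at +24, directories at +112
        base_off, base_fmt, dd = opt + 24, "<Q", opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    reloc_rva, reloc_size = struct.unpack_from("<II", image, dd + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    return {"characteristics": characteristics, "base_off": base_off, "base_fmt": base_fmt,
            "image_base": struct.unpack_from(base_fmt, image, base_off)[0],
            "reloc_rva": reloc_rva, "reloc_size": reloc_size}


def can_relocate(image):
    """The check a loader must do before moving an image: are fixups even available?"""
    h = parse_headers(image)
    if h["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        return False, "IMAGE_FILE_RELOCS_STRIPPED is set: the image is bound to its ImageBase"
    if h["reloc_size"] == 0:
        return False, "no base relocation directory (linked /FIXED or stripped)"
    return True, "relocatable"


def apply_relocations(image, new_base):
    """Rebase a flat image in place; returns the number of fixups applied."""
    ok, why = can_relocate(image)
    if not ok:
        raise ValueError(why)
    h = parse_headers(image)
    delta = new_base - h["image_base"]
    if delta == 0:
        return 0
    pos, end, applied = h["reloc_rva"], h["reloc_rva"] + h["reloc_size"], 0
    while pos + 8 <= end:                            # one IMAGE_BASE_RELOCATION block per 4K page
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        if block_size < 8 or pos + block_size > end:
            raise ValueError("malformed relocation block at RVA 0x%x" % pos)
        for entry_off in range(pos + 8, pos + block_size, 2):
            entry = struct.unpack_from("<H", image, entry_off)[0]
            rtype, target = entry >> 12, page_rva + (entry & 0xFFF)
            if rtype == IMAGE_REL_BASED_ABSOLUTE:    # alignment padding, no fixup
                continue
            if rtype not in (IMAGE_REL_BASED_HIGHLOW, IMAGE_REL_BASED_DIR64):
                raise ValueError("unsupported relocation type %d" % rtype)
            fmt, mask = ("<I", 0xFFFFFFFF) if rtype == IMAGE_REL_BASED_HIGHLOW else ("<Q", (1 << 64) - 1)
            if target + struct.calcsize(fmt) > len(image):
                raise ValueError("fixup at RVA 0x%x points outside the image" % target)
            struct.pack_into(fmt, image, target, (struct.unpack_from(fmt, image, target)[0] + delta) & mask)
            applied += 1
        pos += block_size
    struct.pack_into(h["base_fmt"], image, h["base_off"], new_base)   # record where the image now lives
    return applied


def build_sample_image(relocs_stripped=False):
    """Constructed sample (not a loadable exe): a minimal PE32 header plus one page holding the
    two address forms from the post (mov eax, OFFSET x / DWORD f1, f2) and a .reloc block for them.
    relocs_stripped=True mimics an HLL exe that carries no relocation section."""
    base, code, reloc = 0x00400000, 0x1000, 0x2000
    img = bytearray(reloc + 16)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                                   # e_lfanew
    chars = IMAGE_FILE_RELOCS_STRIPPED if relocs_stripped else 0
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 0, 0, 0, 0, 224, chars)   # IMAGE_FILE_HEADER
    opt = 0x44 + 20
    struct.pack_into("<H", img, opt, PE32_MAGIC)
    struct.pack_into("<I", img, opt + 28, base)                               # ImageBase
    struct.pack_into("<I", img, opt + 56, len(img))                           # SizeOfImage
    struct.pack_into("<I", img, opt + 92, 16)                                 # NumberOfRvaAndSizes
    img[code] = 0xB8                                                          # mov eax, imm32
    struct.pack_into("<I", img, code + 1, base + 0x1020)                      # imm32 = OFFSET FunctionX
    struct.pack_into("<II", img, code + 8, base + 0x1100, base + 0x1200)      # DWORD Function1, Function2
    struct.pack_into("<I", img, code + 0x10, 0x12345678)                      # plain constant, no fixup
    entries = [(3 << 12) | 0x001, (3 << 12) | 0x008, (3 << 12) | 0x00C, 0]    # HIGHLOW x3 + ABSOLUTE pad
    struct.pack_into("<II", img, reloc, code, 8 + 2 * len(entries))           # IMAGE_BASE_RELOCATION
    struct.pack_into("<4H", img, reloc + 8, *entries)
    if not relocs_stripped:
        struct.pack_into("<II", img, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC, reloc, 16)
    return img
```

On a real file you would first copy each section to its VirtualAddress before calling apply_relocations, since the script indexes purely by RVA. The constant at RVA 0x1010 is left alone after rebasing, which is the whole point of the table: the loader cannot tell an address from a number by looking at the bytes, only the .reloc entries say which dwords are addresses. For the stripped variant can_relocate refuses, and apply_relocations raises rather than guessing, which is exactly tenkey's point that such an image can only be moved if the fixup information comes from somewhere else.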

Peterpan

Hutch,
Thanks for your understanding  :U


Quote from: Vortex on June 01, 2005, 09:56:24 AM
What exactly are you trying to do?

What would you like to achieve using Chetnik's method?

I have sent a PM to Hutch & Pbrennick about my goals. That's why Hutch had re-opened this thread. But to let you (all) know, here it is.

I make my living by making a database application in an HLL (Visual FoxPro - VFP). The exe header (PE) created by VFP doesn't have a relocation section. But the program is not compiled into native code; it's just a VFP object instead. Because of that, VFP.exe can be decompiled/rebranded directly into the source code (100% source code, perfect!). This decompiler/rebrander is called ReFox (R.E. Fox). It has been sold LEGALLY for years. Some sites even offer a free ReFox (old version). Just google for ReFox, you'll find thousands of hits. Now there is another program that is specifically designed to protect a VFP exe from being decompiled/rebranded but, unfortunately, it is too expensive for me and for many other VFP programmers as well. One more thing: both the rebrander and the protector carry the name XiTech. This seems kind of like a conspiracy to me (???)

In order to protect our apps, some programmers use an obfuscator (whatever). Now, in my case I want to make a loader, so I can embed VFP.exe into it. This is what I am after and ONLY THIS. Nothing more. If I can achieve this, I also think that I will offer it to others for free, so they can benefit also.


Tenkey,

Thanks for replying  :U
I think I'm going to look into your explanation later, because right now I've lost interest in this thread. Well, I'll probably come back here later. Until then...