i'm attach a file exam.exe file to minefile.exe
how to exec exam.exe
Hi kidteam,
Here is an example for you :
include ExtractRsrc.inc
.data
szRsrc db '#100',0
szFileName db 'Dlgbox.exe',0
.code
start:
invoke FindResource,0,ADDR szRsrc,RT_RCDATA
invoke LoadResource,0,eax
invoke LockResource,eax
invoke WriteFileToDisc,ADDR szFileName,eax,SIZEOF_BINARY_DATA
invoke WinExec,ADDR szFileName,SW_SHOW
invoke ExitProcess,0
include WriteFileFunc.asm
END start
[attachment deleted by admin]
WinExec should/could be replaced by CreateProcess/ShellExecute since it's only provided for 16-bit compatibility
I know the theory but WinExec() is reliable and not as fussy as CreateProcess(), especially when it comes to paths.
can you help me
i don't want to extract to disk
i want to exec from memory
The only person I knew who bothered to make a tool to do this was Jeremy Collake about 10 years ago and while it worked some of the time there were enough instances where it did not and it has to do with how the OS sets up and runs executable files. Try to load an EXE from a running EXE and your first problem is it wants to load at the same address. Next trick is you have to be able to dynamically change the entire PE header offsets to match the load address you have used.
Effectively even if you are very advanced and can write code like this, the procerss is unreliable as the OS is not designed to do it. I wouold suggest that you seek another program/application design that does not require non-system supported techniques.
The other factor is the technique you are trying to learn can be used to stealth load a trojan, virus or malicious code, this is generaly why someone wants to avoid a tracable event like a disk write and running the code as a seperate executable.
The thread is closed.