flat assembler
Message board for the users of flat assembler.

Index > Windows > Launch Executable from Memory ?

Goto page Previous  1, 2, 3, 4, 5
Author
Thread Post new topic Reply to topic
LiuGuoHua(Chinese)



Joined: 26 Sep 2003
Posts: 25
LiuGuoHua(Chinese)
Following is some code in fasm that can load dll from memory. Though loading a exe is a bit sufisticated than loading a dll because dll has a '.reloc' section which helps to fix the addresses, you can make the ImageBase of your 'host' PE different with the memory PE to avoid address conflict.

Code:
    


This code is from a chinese virus researcher named 'xfish', who has written a series of articles about writting virus in fasm. To see more, visit here: http://bbs.pediy.com/showthread.php?t=90441 (If you can read chinese or use a translating tool Wink )
Post 17 May 2011, 17:40
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
LiuGouHua(Chinese)
I have done it with EXE files too, but EXE needs to add reloc section also. Smile
Post 17 May 2011, 21:10
View user's profile Send private message Reply with quote
LiuGuoHua(Chinese)



Joined: 26 Sep 2003
Posts: 25
LiuGuoHua(Chinese)
Overflowz

Well done! With the reloc section, you can just treat a exe like dll. If the exe is written by other one and you don't have the source code, you will have to change the ImageBase of the host exe.
Post 18 May 2011, 18:40
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.