executing code

i remember this topic coming up before, about executing binary code from within your code

let's say, I have some PE formatted executable, how would I execute it from within my program?

Within the same process or a different process?

Forget it, it's Turing-complete.

>>2

within the same process

so my program would be acting with the executable the same way that an OS does when it runs one

>>1
system()
N0w fuckoof.

>>4
If there's no requirement on what the PE file format is, just make it a DLL (flag set in PE header) and make sure there are relocations (so it can be loaded at any address), then merely do a LoadLibraryA or LoadLibraryW to load the code. If you want to do it more "stealthily", you could map the pages manually into memory, resolve imports and perform relocations (among other things the PE loader does), but I'm not going to explain how to do all that here, learn the OS' internals yourself, it's too much to explain in a post.

malloc the space, move the code, then jmp there.


typedef void (*hax());

(hax)anus(); // anus contains the code

Didn't windows even allow remote DLL loading without any sagery checks???

>>8

SEPPLES // style comments considered harmful.

>>10
Fuck off, ``Xarn''.

>>8
U MENA


typedef void (*hax(void));
((hax)anus)(); /* anus contains the code */

>>12
VALID LISP CODE

>>5
This only is available with Csdlib. If you are are looking for the Win32API function, i think its shellexecute() or so, look it up on MSDN.

Executing code, to me, is a sublimated representation of the violence inherent in our modern technological civilization. Believe it our not a more peaceful world is possible, but you must stop executing code and instead start conjuring spirits.

>>14
*Cstdlib

>>1

'-._                  ___.....___                           ___,,,,,___                  _,-'
    `.__           ,-'        ,-.`-,                     .-`,-.        '-.           __,`
        `''-------'          ( p )  `._               _,`  ( q )          '-------''`
                              `-'      \ LISP?       /      '-`
                                        \           /
                              .         \           /         ,
                               \---..,--'     LISP! '--.,,---/
   ................._           --...--,             .--,,,--           _,,,,,,,,,,,,,,,,,
                     `-.._         _.-'               '-,_         _,,-`
                          `'-----''                       ''-----'`

>>17
LITHP?

>>18
lolol ith your lithp deth
U MENA HATHKAL

>>6

but I want to run the code from memory within my program, not an external file

the other binary executable will be embedded in my program, and from there I run it without ever using or creating an external file

>>20
Is it a DLL or an EXE? The difference is mostly in how it's build, especially the flags and presence of relocations.

If it's a DLL, you can always load it manually. You can do the same for EXE, but depending on the presence of relocations or not, you'll need to take different paths.

As I said in my post, the actual details are rather involved and require you to understand the PE loader well, but it's not too difficult, it goes like this (much simplified version):
1. Read/parse the header.
2. Map the header and sections into memory, set proper protection options for the pages. VirtualAlloc and VirtualProtect will need to be used at minimum.
3. Resolve imports, either directly or using your own code. LoadLibraryA/W, GetModuleHandleA/W and GetProcAddress may need to be used, but it's not absolutely needed.
4. Apply relocations if present.
5. Execute tls-callbacks and other initialization code.
6. Call the DLL's entrypoint.
This is how LoadLibrary works at minimum, if you were to do your own LoadLibrary like that, you may as well write your own GetProcAddress (just look up the imports in the export table, can only be done by accessing memory). If you want to register the DLL so it can be detected by other tools, you'll need to learn a bit about PEB->Ldr->InMemoryOrderModuleList, same goes about finding other DLLs (GetModuleHandle).

The gist of it is that you can pretty much load any code in memory by merely having a memory allocator (and usually also a way to change the page protections, so VirtualAlloc and VirtualProtect) and a proper understanding of the PE file format and how the loader works.

That is if your code is a DLL and has relocations. If not? You can always just create a dummy process, remotely dealloc all memory, and reconstruct the executable like the PE loader would do (remotely), then adjust the context (or just create a remote thread), and you would have generated a process without it having a file on disk. I'm really not going to explain this in detail, and you should go read up the documentation yourself, it's too long and you should do your homework.

If you are lazy and have no interest in doing your homework, just use one of the PE packers/protectors that support bundling DLLs - there are quite a few.

>>21

thankyou kind windows guru sir


    ░░░░░░░░░░░░░░░▄░░░░░░░░░░░░░░░
    ░░░░░░░░░░░░░▄▀█░░░░░░░░░░░░░░░
    ░░░░░░░░░░░▄▀░░█░░░░░░░░░░░░░░░
    ░░░░░░░░░▄▀░░▄▀░░░░░░░░░░░░░░░░
    ░░░░░░░░█▄░▄▀░░░░░░░░▄█▄░░░░░░░
    ░░░░░░░░█░▀▄░░░░░░░▄▀░█░▀▄░░░░░
    ░░░░░░░░▀▄░░▀▄░░░▄▀░░▄▀▄░░▀▄░░░
    ░▄░░░░░░░░▀▄░░▀▄▀░░▄▀░░░▀▄░░▀▄░
    ░█▀▄░░░░░░░░▀▄▀█▀▄▀░░░░░░░▀▄░█░
    ░█░░▀▄░░░░░▄▀░░█░░▀▄░░░░░░░░▀█░
    ░░▀▄░░▀▄░▄▀░░▄▀░▀▄░░▀▄░░░░░░░░░
    ░░░░▀▄░░█░░▄▀░░░░░▀▄░▄█░░░░░░░░
    ░░░░░░▀▄█▄▀░░░░░░░░▄▀░█░░░░░░░░
    ░░░░░░░░▀░░░░░░░░▄▀░░▄▀░░░░░░░░
    ░░░░░░░░░░░░░░░▄▀░░▄▀░░░░░░░░░░
    ░░░░░░░░░░░░░░░█░▄▀░░░░░░░░░░░░
    ░░░░░░░░░░░░░░░█▀░░░░░░░░░░░░░░
    ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
    ░█▄░█░█░▄▀▀▄░░█░░█░█▀▀░▀█▀░█░░░
    ░█░█▄░█░█░▄▄░░█▄▄█░█▄▄░░█░░█░░░
    ░█░░█░█░▀▄▄▀░░█░░█░█▄▄░▄█▄░█▄▄░
    ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
glory BLACK AFRIKA
HEIL NIGGERS.
HEIL BLACK AFRIKA.
NIG HEIL BLACK HITLER!