Load an Exe File and Run It from Memory

Load an EXE file and run it from memory

In the case of running .NET executables from memory, the libraries and CLR itself are doing a lot of heavy lifting for you. For native executables like notepad.exe and calc.exe, you'll have to do a lot of manual work to get it to happen. Basically, you have to act like the Windows loader.

There are probably pages of caveats here, but this in-depth article has the steps you need to load a PE (wiki, msdn) into memory and do the correct rebasing and fixups. Then, you should be able to find the entry point (like in the article) and run it.

If you're really just wanting to run notepad.exe and calc.exe, the easiest way, of course, would be to use Process.Start and run them off disk. Otherwise, if you have an executable embedded as a resource in your process, then the next easiest way would be to just write the contents out to disk in a temporary location (see Path.GetTempFileName) and then execute it from there.

Download Execute in Memory Depended EXE C#

After searching and searching... I found this :)

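using System.Reflection;
using System.Threading;

namespace MemoryAppLoader
{
    public static class MemoryUtils
    {
        // Loads a managed (.NET) assembly from a byte array and runs its
        // entry point on a new STA thread.
        public static Thread RunFromMemory(byte[] bytes)
        {
            var thread = new Thread(new ThreadStart(() =>
            {
                var assembly = Assembly.Load(bytes);
                MethodInfo method = assembly.EntryPoint;
                if (method != null)
                {
                    // Main() takes no arguments; Main(string[] args) takes one.
                    object[] args = method.GetParameters().Length == 0
                        ? null
                        : new object[] { new string[0] };
                    method.Invoke(null, args);
                }
            }));

            // GUI entry points (WinForms/WPF) expect a single-threaded apartment.
            thread.SetApartmentState(ApartmentState.STA);
            thread.Start();

            return thread;
        }
    }
}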

DLLs
You have to copy all of your DLLs to the directory with the launcher, so that the running process can access them. In case you would like to have an application in a single file, you can always pack all together and unpack from the launcher.

It is also possible to prepare an application with embedded libraries.

Source: https://wojciechkulik.pl/csharp/run-an-application-from-memory

read exe file in memory and execute it

No, it's not possible to do like that. There's no system call that says "take this chunk of my memory and use just that part of it as the image of a new process".

You can load code into memory and jump to it within the current process, but that's an ugly thing to do because you have to handle all of the relocations.

With regards to the Java specific part:

You can embed a Java interpreter within your C++ executable. You can write your own class loader for Java (through the C++ interface to the JVM) that will load classes from your encrypted Jar file. That way you could avoid ever writing the unencrypted Jar file to disk. It will of course be visible in memory to anyone with a debugger...

Loading an executable into current process's memory, then executing it

Your code is a good start, but you are missing a few things.

First is, as you mentioned, resolving imports. What you say looks right, but I've never done this manually like you so I don't know the details. It would be possible for a program to work without resolving imports, but only if you don't use any imported function. Here your code fails because it tries to access an import that hasn't been resolved; the function pointer contains 0x4242 instead of the resolved address.

The second thing is relocation. To make it simple, PE executables are position independent (can work at any base address), even if the code isn't. To make this work, the file contains a relocation table that is used to adjust all the data that are dependent on the image location. This point is optional if you can load at the preferred address (pINH->OptionalHeader.ImageBase), but it means that if you use the relocation table, you can load your image anywhere, and you can omit the first parameter of VirtualAlloc (and remove the related checks).

You can find more info on import resolving and relocation in this article, if you didn't find it already. There are plenty of other resources you can find.

Also, as mentioned in marom's answer, your program is basically what LoadLibrary does, so in a more practical context, you would use this function instead.
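
The relocation step described in the answer above, as an added example that is not part of the original answers: it walks a base relocation table in the layout given by the PE format specification and adds the load delta to each listed address. It works only on plain byte buffers; `apply_relocs`, `demo_rebase` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Relocation types from the PE format specification. */
enum { REL_ABSOLUTE = 0, REL_HIGHLOW = 3, REL_DIR64 = 10 };

/* Add delta (actual base - OptionalHeader.ImageBase) to every address the
 * base relocation table lists. Plain buffers, little-endian host assumed.
 * Returns the number of fixups applied, or -1 if the table is malformed. */
int apply_relocs(uint8_t *img, size_t img_len,
                 const uint8_t *rel, size_t rel_len, uint64_t delta)
{
    int applied = 0;
    for (size_t off = 0; off + 8 <= rel_len; ) {
        uint32_t page_rva, block_len;       /* IMAGE_BASE_RELOCATION header */
        memcpy(&page_rva, rel + off, 4);
        memcpy(&block_len, rel + off + 4, 4);
        if (block_len < 8 || block_len > rel_len - off) return -1;
        for (size_t i = 8; i + 2 <= block_len; i += 2) {
            uint16_t entry;                 /* high 4 bits type, low 12 offset */
            memcpy(&entry, rel + off + i, 2);
            unsigned type = entry >> 12;
            size_t width = type == REL_DIR64 ? 8 : type == REL_HIGHLOW ? 4 : 0;
            size_t at = (size_t)page_rva + (entry & 0x0FFF);
            if (type == REL_ABSOLUTE) continue;          /* alignment padding */
            if (width == 0 || at > img_len || img_len - at < width) return -1;
            uint64_t v = 0;
            memcpy(&v, img + at, width);    /* read the stored address */
            v += delta;
            memcpy(img + at, &v, width);    /* write it back, rebased */
            applied++;
        }
        off += block_len;
    }
    return applied;
}

/* Constructed sample: one 64-bit pointer at RVA 0x1010 in a blank image. */
uint64_t demo_rebase(uint64_t preferred, uint64_t actual)
{
    static uint8_t img[0x2000];
    const uint8_t rel[12] = { 0x00,0x10,0,0,  12,0,0,0,  0x10,0xA0,  0,0 };
    uint64_t ptr = preferred + 0x1234, out = 0;
    memcpy(img + 0x1010, &ptr, 8);
    if (apply_relocs(img, sizeof img, rel, sizeof rel, actual - preferred) != 1)
        return 0;
    memcpy(&out, img + 0x1010, 8);
    return out;
}
```

When the image sits at its preferred base the delta is zero and every stored address is unchanged, which is why the answer calls the step optional in that case.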
