Hi Friends
I have an encrypted executable file and I want to decrypt it into memory and execute it. I do not want to create any temp file to execute it, I just want to decrypt and execute it in memory :) ?
Plz help me :(
Tnx, and sorry for my bad English :(
Split from this Codebank thread
Not a good idea to even try it. If it could be done easily, Virus programs would have exploited that way of deploying themselves long ago...
It's actually not as hard as you might think, randem; you just need to understand the Windows PE format (which I don't).
I have an example that does it, however you will have to modify it slightly. The example loads the exe from a file into a byte array; in your case you will have to load it into a byte array from the decrypted data. There are, however, some things to take into consideration if you use code that can do this.
1) This code crashes some computers, not all, but some. I have tried it out on 2 of my 3 computers, 1 of them crashed the other did not. I do not know why this is the case.
2) You need an executable to act as a "container", this can be any executable on the system, including the executable you used to do the decrypting.
3) The app.path of the executable will be the same as the executable you are using as the container, so if you used "c:\windows\system32\cmd.exe" as the container then the app path of the program loaded into memory will be "c:\windows\system32\"
The way the code works is it takes the exe, parses the PE headers, then shells an instance of the container executable using the create process API with a suspended process flag. It then replaces the loaded code in the process with the code of the exe (after the PE headers have been parsed) and then resumes the process, thus your exe takes the place of the other application.
I did not write this example, but I will upload it for your use.
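A defender's view of the sequence described in the post above (container process created suspended, its code replaced, then resumed), as an added example that is not part of the original thread: a Python detector that flags that sequence in process telemetry. The event schema, field names, PIDs and byte threshold are assumptions, and the sample events are constructed.

```python
CREATE_SUSPENDED = 0x00000004  # Windows process creation flag

# Constructed sample events in a hypothetical telemetry schema (not real logs).
EVENTS = [
    {"t": 1, "type": "process_create", "actor": 4120, "target": 5300,
     "image": r"c:\windows\system32\cmd.exe", "flags": 0x4},
    {"t": 2, "type": "remote_write", "actor": 4120, "target": 5300, "size": 184320},
    {"t": 3, "type": "thread_resume", "actor": 4120, "target": 5300},
    # Ordinary child process, never suspended.
    {"t": 4, "type": "process_create", "actor": 4120, "target": 5400,
     "image": r"c:\windows\system32\notepad.exe", "flags": 0x0},
    # Created suspended and resumed with no write in between: not flagged.
    {"t": 5, "type": "process_create", "actor": 900, "target": 5500,
     "image": r"c:\tools\app.exe", "flags": 0x4},
    {"t": 6, "type": "thread_resume", "actor": 900, "target": 5500},
    # Write into a process that was not created suspended: out of scope here.
    {"t": 7, "type": "remote_write", "actor": 4120, "target": 5400, "size": 64},
]


def find_hollowing_candidates(events, min_write_bytes=4096):
    """Return alerts for: created suspended -> written by creator -> resumed.

    min_write_bytes is an assumed threshold that ignores small writes,
    which are treated as benign here.
    """
    suspended = {}  # target pid -> tracking state while still suspended
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        pid = ev["target"]
        if ev["type"] == "process_create":
            if ev["flags"] & CREATE_SUSPENDED:
                suspended[pid] = {"creator": ev["actor"],
                                  "image": ev["image"], "written": 0}
            else:
                suspended.pop(pid, None)  # pid reused by a normal process
        elif pid in suspended and ev["actor"] == suspended[pid]["creator"]:
            if ev["type"] == "remote_write":
                suspended[pid]["written"] += ev["size"]
            elif ev["type"] == "thread_resume":
                s = suspended.pop(pid)
                if s["written"] >= min_write_bytes:
                    alerts.append({"pid": pid, "creator": s["creator"],
                                   "image": s["image"],
                                   "bytes_written": s["written"]})
    return alerts


if __name__ == "__main__":
    for alert in find_hollowing_candidates(EVENTS):
        print(alert)
```

The alert carries the container's image path because, as the post notes, the replaced process still reports the container's path, so the path alone cannot be trusted for that PID.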
If you don't know, why would you respond to me... I do know...
Quote:
Originally Posted by Macka007
Quote:
Originally Posted by Macka007
Tnx Dear:)