Loading executable into memory
Alright, for a school project I'm making a file crypter, and I need to load the executable directly into memory.
For those who don't know it yet, a crypter consists of a crypter and a separate "stub".
The crypter crypts the file, and the stub is bound to the file; upon execution, the stub is executed, and in turn executes the file it's bound to.
I have a RunPE sub, and on its own it works fine.
Code:
    Imports System.Runtime.CompilerServices
    Imports System.Reflection

    Public Class Form1
        Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
            Dim x As New Threading.Thread(AddressOf RunInternalExe)
            x.Start()
        End Sub

        Private Sub RunInternalExe()
            Dim CurrentAssembly As Reflection.Assembly = Reflection.Assembly.GetExecutingAssembly()
            Dim Resource As String = String.Empty
            Dim ArrResources As String() = CurrentAssembly.GetManifestResourceNames()
            For Each Resource In ArrResources
                If Resource.IndexOf("test.exe") > -1 Then Exit For
            Next
            Dim ResourceStream As IO.Stream = CurrentAssembly.GetManifestResourceStream(Resource)
            If ResourceStream Is Nothing Then
                Return
            End If
            Dim ResourcesBuffer(CInt(ResourceStream.Length) - 1) As Byte
            ResourceStream.Read(ResourcesBuffer, 0, ResourcesBuffer.Length)
            ResourceStream.Close()
            Dim assembly As Assembly = assembly.Load(ResourcesBuffer)
            Dim entryPoint As MethodInfo = [assembly].EntryPoint
            Dim objectValue As Object = RuntimeHelpers.GetObjectValue([assembly].CreateInstance(entryPoint.Name))
            entryPoint.Invoke(RuntimeHelpers.GetObjectValue(objectValue), New Object() {New String() {"1"}})
        End Sub
    End Class
This code will successfully load "test.exe",
but when I apply it to my stub like this:
Code:
    Imports System.Runtime.CompilerServices
    Imports System.Reflection

    Public Class Form1
        Const filesplit = "-{@z3r0x@}-"

        Private Sub Form1_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            On Error Resume Next
            Dim TPath As String = System.IO.Path.GetTempPath
            Dim file1, filezb4(), filezafter As String
            Dim x As New Threading.Thread(AddressOf RunPE)
            FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
            file1 = Space(FileLen(1))
            FileGet(1, file1)
            FileClose(1)
            filezb4 = Split(file1, filesplit)
            filezafter = xorcrypt(filezb4(1), "SomeKeyString")
            FileOpen(5, TPath & "\CryptedFile.exe", OpenMode.Binary, OpenAccess.ReadWrite, OpenShare.Default)
            FilePut(5, filezafter)
            FileClose(5)
            x.Start(TPath & "\CryptedFile.exe")
            Me.Close()
            End
        End Sub

        Private Function xorcrypt(ByVal filein As String, ByVal key As String) As String
            Dim Index As Integer = 0
            Dim ReturnValue As String = ""
            For Each CharValue As Char In filein.ToCharArray
                ReturnValue = String.Concat(ReturnValue, Chr(Asc(CharValue) Xor Asc(key.Substring(Index, 1))))
                Index = (Index + 1) Mod key.Length
            Next
            Return ReturnValue
        End Function

        Private Sub RunPE(ByVal stuff As String)
            Dim CurrentAssembly As Reflection.Assembly = Reflection.Assembly.GetExecutingAssembly()
            Dim Resource As String = String.Empty
            Dim ArrResources As String() = CurrentAssembly.GetManifestResourceNames()
            For Each Resource In ArrResources
                If Resource.IndexOf(stuff) > -1 Then Exit For
            Next
            Dim ResourceStream As IO.Stream = CurrentAssembly.GetManifestResourceStream(Resource)
            If ResourceStream Is Nothing Then
                Return
            End If
            Dim ResourcesBuffer(CInt(ResourceStream.Length) - 1) As Byte
            ResourceStream.Read(ResourcesBuffer, 0, ResourcesBuffer.Length)
            ResourceStream.Close()
            Dim assembly As Assembly = assembly.Load(ResourcesBuffer)
            Dim entryPoint As MethodInfo = [assembly].EntryPoint
            Dim objectValue As Object = RuntimeHelpers.GetObjectValue([assembly].CreateInstance(entryPoint.Name))
            entryPoint.Invoke(RuntimeHelpers.GetObjectValue(objectValue), New Object() {New String() {"1"}})
        End Sub
    End Class
^Doesn't load the file it's bound to^
Note also, if I leave out the RunPE and just load the bound executable like this
Code:
    System.Diagnostics.Process.Start(TPath & "\CryptedFile.exe")
it DOES work (but then it won't load it directly into memory, of course, which IS a requirement).
Thanks in advance, everyone!
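
From the defender's side, a stub that carries its payload after a delimiter, as the post above describes, leaves data past the end of the last PE section (an overlay). The following Python check is an added example, not code from the thread: it parses the PE headers and reports any overlay. The function names and the sample image are constructed for illustration; only the delimiter string is taken from the post.

```python
import struct

MARKER = b"-{@z3r0x@}-"  # delimiter quoted in the post above

def build_sample_pe(raw_size=0x200):
    """Constructed minimal PE image (headers + one section), not a real program."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = b"\x00" * 0xE0                                    # zeroed optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000,
                       raw_size, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\x00\x00" + coff + opt + sect
    return hdr.ljust(0x200, b"\x00") + b"\xCC" * raw_size

def find_overlay(data):
    """Return (offset, bytes) of whatever is stored past the last section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size                 # section table follows optional header
    end = table + nsect * 40
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return end, data[end:]

def overlay_report(data):
    """Summarise the overlay for triage: where, how big, readable prefix."""
    off, overlay = find_overlay(data)
    lead = bytearray()
    for b in overlay[:32]:
        if not 0x20 <= b < 0x7F:
            break
        lead.append(b)
    return {"offset": off, "size": len(overlay),
            "fraction": round(len(overlay) / len(data), 3),
            "leading_text": lead.decode("ascii")}

if __name__ == "__main__":
    clean = build_sample_pe()
    bound = clean + MARKER + bytes([0x11]) * 64   # constructed stand-in payload
    print(overlay_report(clean))
    print(overlay_report(bound))
```

Signed binaries and installers also carry legitimate overlays, so a non-empty overlay is a triage signal to combine with other evidence rather than a verdict.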
Re: Loading executable into memory
First things first, you are using VB6-style code there (things like FileGet, FilePut and FileClose all have more sophisticated .NET equivalents). Same for On Error Resume Next, but that one is a little more of a problem - do you really want to just hide and ignore any error messages that occur? Consider what an error message is - it's something that tells you there has been a problem and gives you some information about the problem. I know that if any errors occurred in my program I would certainly want to know about them rather than just continuing and hoping it was nothing serious that affects the rest of the program. If you took that out then you might be able to diagnose your problem a lot more easily.
Re: Loading executable into memory
I took it out and now I get an error message saying that File 1 isn't found.
Re: Loading executable into memory
Okay, I was now able to get rid of that error message by replacing FileLen() with LOF().
Now I get, again, no error messages; the crypted file just seems to run, but does nothing at all.
And again, when I replace x.Start() with the normal execution mode, System.Diagnostics.Process.Start(TPath & "\CryptedFile.exe"), it does work again (but it doesn't load it into memory).
Re: Loading executable into memory
I now managed to fix some stuff, but I get an error now that "it can't load the file assembly of 180 bytes" and it also says something about an invalid entry point (it still works with this code)
Code:
    System.Diagnostics.Process.Start(TPath & "\CryptedFile.exe")
just not when I use the RunPE.
Any help here, please?