Hi Freinds
i have a creypted executable file and i want decrypt it into memory an execute . i do not want create any temp file for execute it , i just decrypt and execute into memory ?
plz help me
tnx , and sorry for my bad english
its actually not as hard as you might think randem, you just need to understand the Windows PE format (which I dont).
I have an example that does it, however you will have to modify it slightly. The example load the exe from a file into a byte array, in your case you will have to load it into a byte array from the decrypted data. There is however, some things to take into consideration if you use code that can do this.
1) This code crashes some computers, not all, but some. I have tried it out on 2 of my 3 computers, 1 of them crashed the other did not. I do not know why this is the case.
2) You need an executable to act as a "container", this can be any executable on the system, including the executable you used to do the decrypting.
3) The app.path of the executable will be the same as the executable you are using as the container, so if you used "c:\windows\system32\cmd.exe" as the container then the app path of the program loaded into memory will be "c:\windows\system32\"
The way the code works is it takes the exe, parses the PE headers, then shells an instance of the container executable using create process API with a suspended process flag. it then replaces the loaded code in the process with the code of the exe (after the PE Headers have been parsed) and then resumes the process, thus your exe takes the place of the other application.
I did not write this example, but i will upload it for your use.
its actually not as hard as you might think randem, you just need to understand the Windows PE format (which I dont).
I have an example that does it, however you will have to modify it slightly. The example load the exe from a file into a byte array, in your case you will have to load it into a byte array from the decrypted data. There is however, some things to take into consideration if you use code that can do this.
1) This code crashes some computers, not all, but some. I have tried it out on 2 of my 3 computers, 1 of them crashed the other did not. I do not know why this is the case.
2) You need an executable to act as a "container", this can be any executable on the system, including the executable you used to do the decrypting.
3) The app.path of the executable will be the same as the executable you are using as the container, so if you used "c:\windows\system32\cmd.exe" as the container then the app path of the program loaded into memory will be "c:\windows\system32\"
The way the code works is it takes the exe, parses the PE headers, then shells an instance of the container executable using create process API with a suspended process flag. it then replaces the loaded code in the process with the code of the exe (after the PE Headers have been parsed) and then resumes the process, thus your exe takes the place of the other application.
I did not write this example, but i will upload it for your use.
Re: Encryption & Decryption
?
Reply With Quote
Originally Posted by Macka007
