|
Beer26 wrote:
is there a way to run an executable located in a memory buffer, that isn't physically on the disk?
Maybe. But wouldn't it be easier just to write that buffer to a temp-file .exe and execute that one? What are you writing, a virus?
|
|
|
|
|
Mike Nordell wrote:
What are you writing, a virus?
It could be a software protection system where the executable is encrypted and then decrypted to memory using a key.
John
|
|
|
|
|
that's exactly right. Thanks for your superior insight and openmindedness.
|
|
|
|
|
John M. Drescher wrote:
It could be a software protection system ...
Then he's going about it the completely wrong way. He doesn't want to create a new process ("run an executable", which in Win32 implies a .exe file - and since he's already inside a running process it must be a new process he's requesting) - he wants it to run in the current process. Like calling a function within the same process, but an encrypted function.
If the requirements are wrong, the end result can only be correct by pure luck.
|
|
|
|
|
I don't want to allow access to the .exe being written, not even for an instant. It is not for a virus. The fact that you have implied that I could be writing a virus, frankly is insulting, and suggesting it, if I may permit myself to say so, was stupid.
|
|
|
|
|
Beer26 wrote:
I don't want to allow access to the .exe being written, not even for an instant.
That wasn't a requirement according to your question. You just said you had an "executable located in a memory buffer". An executable in Win32 is a PE file.
It is not for a virus.
Good to know.
The fact that you have implied that I could be writing a virus, frankly is insulting, and suggesting it, if I may permit myself to say so, was stupid.
I can without problems accept people telling me I insult them. But me asking if you were writing a virus (even though I admit I missed the smiley at the end, which is why it was obviously impossible for you to know that I wasn't that serious) I think was quite legit considering how you worded your question. If you choose to think of me in terms of "stupid" that's your choice, and then it's my right to not tell you how you make sure e.g. IATs are patched and how you *really* get the libraries you need loaded, or just not give any pointer in the right direction.
Have a nice day.
|
|
|
|
|
Beer26 wrote:
if I may permit myself to say so, was stupid.
With 9 messages posted, I don't think you can permit yourself to insult other members. For that matter of fact even if you were the guru here, you still cannot call someone's suggestions stupid.
Mike's question is very legitimate. I also thought that you were writing a virus. Writing exe packers or decrypters requires certain steps which you could have explained very briefly in your post. Like Mike, I choose not to help you.
// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed).-My latest fortune cookie
|
|
|
|
|
"I also thought that you were writing a virus."
It is of my opinion that your comments are stupid too.
"You cannot insult people!!!!" I wasn't insulting anyone, just stating my own opinion. The Germans did not win the 2nd war. I have the right.
|
|
|
|
|
Beer26 wrote:
It is of my opinion that your comments are stupid too.
Your opinions are very insignificant. Happy 5th birthday!
// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed).-My latest fortune cookie
|
|
|
|
|
Toni78 wrote:
Happy 5th birthday!
That's only making it worse. The best way to treat someone you think is insulting you is to just ignore it. People's opinions are not insignificant, no matter what they are.
Ryan "Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
|
|
|
|
|
Ryan Binns wrote:
That's only making it worse.
Sorry, you're right.
// Afterall, I realized that even my comment lines have bugs
When one cannot invent, one must at least improve (in bed).-My latest fortune cookie
|
|
|
|
|
Never tried it, but it should just be a matter of allocating a block of memory with execute access, casting the address to a function prototype, and calling it.
Look at GlobalAlloc() (from MS docs) :
"Memory allocated with this function is guaranteed to be aligned on an 8-byte boundary. All memory is created with execute access; no special function is required to execute dynamically generated code."
Or,
VirtualAlloc( ..., DWORD flProtect ) :
flProtect = PAGE_EXECUTE_READWRITE;
Enables execute, read, and write access to the committed region of pages.
Would probably start with trying to do a simple C function first so you don't need to worry about the 'this' pointer.
...cmk
Save the whales - collect the whole set
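Added example, not part of the post above or of any project mentioned in the thread: regions committed with PAGE_EXECUTE_READWRITE, as suggested above, are writable and executable at the same time, and that is what memory triage looks for. The check below classifies records shaped like the MEMORY_BASIC_INFORMATION that VirtualQuery returns; the struct, the function names and the sample records are assumptions constructed here, and the constants repeat the Windows SDK values so it builds without windows.h.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Windows SDK constant values, defined locally so this builds without windows.h. */
#define MEM_COMMIT             0x00001000u
#define MEM_RESERVE            0x00002000u
#define MEM_PRIVATE            0x00020000u
#define MEM_IMAGE              0x01000000u
#define PAGE_READWRITE         0x04u
#define PAGE_EXECUTE_READ      0x20u
#define PAGE_EXECUTE_READWRITE 0x40u
#define PAGE_GUARD             0x100u

/* Hypothetical record: the MEMORY_BASIC_INFORMATION fields the check needs. */
struct region { uint64_t base, size; uint32_t state, protect, type; };

enum verdict { REGION_OK, REGION_EXEC_UNBACKED, REGION_RWX };

enum verdict classify_region(const struct region *r)
{
    uint32_t p = r->protect & 0xFFu;                 /* drop PAGE_GUARD and other modifier bits */
    if (r->state != MEM_COMMIT) return REGION_OK;    /* reserved or free: nothing mapped */
    if (p == PAGE_EXECUTE_READWRITE) return REGION_RWX;   /* writable and executable at once */
    if ((p & 0xF0u) && r->type != MEM_IMAGE)         /* any PAGE_EXECUTE_* outside a loaded module */
        return REGION_EXEC_UNBACKED;                 /* JIT engines also land here */
    return REGION_OK;
}

size_t count_at_least(const struct region *r, size_t n, enum verdict min)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_region(&r[i]) >= min) hits++;
    return hits;
}

/* Constructed sample records, not taken from a real process. */
static const struct region SAMPLE[] = {
    { 0x00400000, 0x1000,  MEM_COMMIT,  PAGE_EXECUTE_READ,              MEM_IMAGE   },
    { 0x00560000, 0x2000,  MEM_COMMIT,  PAGE_READWRITE,                 MEM_PRIVATE },
    { 0x02a10000, 0x1000,  MEM_COMMIT,  PAGE_EXECUTE_READWRITE,         MEM_PRIVATE },
    { 0x02b40000, 0x1000,  MEM_COMMIT,  PAGE_EXECUTE_READ | PAGE_GUARD, MEM_PRIVATE },
    { 0x7ff00000, 0x10000, MEM_RESERVE, 0,                              MEM_PRIVATE },
};

int main(void)
{
    static const char *names[] = { "ok", "exec, not module-backed", "RWX" };
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        printf("%#llx  %s\n", (unsigned long long)SAMPLE[i].base, names[classify_region(&SAMPLE[i])]);
    return 0;
}
```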
|
|
|
|
|
I'm so sorry,
I'm still missing a link here.
I can not use the HGLOBAL I get from the GlobalAlloc with CreateProcess.
It will only accept a path on the disk. What would you suggest as an alternative to get the HGLOBAL into a process?
|
|
|
|
|
ok, I missed that part about casting the pointer to a function. I'm not sure how that could possibly work though, but
Thanks again, I will try that
|
|
|
|
|
Beer26 wrote:
I'm not sure how that could possibly work though
It should work, but you need to be really careful. Someone asked a very similar question about a week ago, and a few of us cautioned him on the dangers of executing code generated in memory.
But if you know what you're doing, it should work no problems
Ryan "Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
|
|
|
|
|
point CS:IP at your code
I'm going to live forever or die trying!
|
|
|
|
|
rough
Sincerely yours, Ilya Kalujny.
|
|
|
|
|
Well, he asked
I'm going to live forever or die trying!
|
|
|
|
|
Weird problem for a VCPP 6 newbie:
When my app invokes a windows common dialog, such as "Save As.." or "Open..." dialogs, some dialog controls display foreign language captions and labels.
Has anyone had this problem? How did you fix it?
Thanks,
madErnie
|
|
|
|
|
I am not sure about the Windows common dialog. (Are you talking about FileSaveDialog?)
Your problem may be due to the language setting in your resource files. Check your resource properties and change it to a language format your OS supports.
Or use Notepad to change your *.rc manually, but try to avoid this as it might corrupt your resource file.
Your *.rc should be using this code page. (I assume you are using the English US locale)
/////////////////////////////////////////////////////////////////////////////
// English (U.S.) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
#ifdef _WIN32
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
#pragma code_page(1252)
#endif //_WIN32
Hope this helps.
|
|
|
|
|
I wanted to log in to an Edonkey2000 server. The doc said that I must send the clientinfo <client info>
[Client Hash] + [Client ID] + [Port] +
I didn't understand what the client hash is: must I generate it, or is it just my IP address? And also the client ID: how could I send the client ID when I still need to get it from the server?! And the meta tag list? Please, if anyone can help me, send me a sample of code for the string I'll send (and the headers?!)
|
|
|
|
|
Hi
I’m trying to write a program that connects to AutoCAD 2002. I know that automation works with VARIANT data types. Also I found two nice MFC classes, ‘COleVariant’ and ‘COleSafeArray’, to work with variants, but I could not find any class with an ‘operator []’ function that can access the elements of a variable of VARIANT type that has the VT_ARRAY flag.
However, if you have written some code in VBA, you know that in VBA, with some simple code like this, you can access the elements of a VARIANT:
Dim var As VARIANT
set var = MyAutoCADFunction ( … )
var(0) = 1
var(1) = 5
Do you know any predefined class in C++ to access this magic data type?
Thanks for your help
|
|
|
|
|
|
Thanks Anthony
I studied _variant_t in 'comutil.h'. This is a very useful class for gathering information about a VARIANT, but I could not find an operator [] for VT_ARRAY variants. However, I tried to use one of the existing overloaded operators, for example 'operator double()', but I get an unresolved external message when I build my project. The message says that the function '_com_issue_error' that is used by 'CheckError' is missing. Now I need to know the name of the library that contains this function. I hope that this works for VT_ARRAY.
Thanks again for your attention.
|
|
|
|
|
Hope this helps.
I guess _variant_t is not suitable for your case.
You are doing VBA right. I did Office Automation which automated MS Excel before.
You should stick to COleSafeArray.
The code is in MSDN, but anyway, I'll paste it here so that you can refer to it.
void CSAProjDlgAutoProxy::Sort(VARIANT FAR* vArray)
{
    COleSafeArray sa;
    BSTR *pbstr;
    TCHAR buf[1024];
    LONG cElements, lLBound, lUBound;

    // Needed for the OLE2T macro below (include afxpriv.h).
    USES_CONVERSION;

    // The VARIANT must contain an array of BSTRs.
    if (V_VT(vArray) != (VT_ARRAY | VT_BSTR))
        AfxThrowOleDispatchException(1001,
            _T("Type Mismatch in Parameter. Pass a string array by reference"));

    // Attach the VARIANT's array data to the COleSafeArray wrapper.
    sa.Attach(*vArray);

    // Only one-dimensional arrays are handled.
    if (sa.GetDim() != 1)
        AfxThrowOleDispatchException(1002,
            _T("Type Mismatch in Parameter. Pass a one-dimensional array"));

    try
    {
        // Get the array bounds.
        sa.GetLBound(1, &lLBound);
        sa.GetUBound(1, &lUBound);

        // Lock the array and get a pointer to its elements.
        sa.AccessData((LPVOID*)&pbstr);

        // Number of elements; visit every one, including the last.
        cElements = lUBound - lLBound + 1;
        for (int i = 0; i < cElements; i++)
        {
            wsprintf(buf, _T("%s"), OLE2T(pbstr[i]));
            OutputDebugString(buf);
        }

        // Release the lock taken by AccessData.
        sa.UnaccessData();
    }
    catch (COleException *pEx)
    {
        // Free the caught exception before throwing the dispatch exception;
        // code placed after the throw would never run.
        pEx->Delete();
        AfxThrowOleDispatchException(1003,
            _T("Unexpected Failure in FastSort method"));
    }
}
The code above shows how to retrieve the VARIANT with array type and access it via sa.AccessData((LPVOID*)&pbstr). The pbstr is the void* pointer.
I guess there is no easy way out. If you still like the operator[] overload, try to write your own class by inheriting from COleSafeArray ;)
|
|
|
|