How can I run an executable from RAM using C++?

Since you're talking about an EXE, I assume you're running under Windows. To my knowledge, Windows can't do this -- your only option is to save the executable back to a file and run that (using CreateProcess, for example).

Edit: Here is how you would run the process.

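In C++:

```cpp
#include <windows.h>

int main()
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;

    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);            // cb must hold the size of the structure
    ZeroMemory(&pi, sizeof(pi));

    // Launch the executable from its path on disk.
    if (!CreateProcessA("myfilename.exe", NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
    {
        // An error occurred
        return 1;
    }

    // Release the handles returned for the new process and its main thread.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}
```

In C#:

```csharp
using System;
using System.Diagnostics;

Process.Start("myfilename.exe");
```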

Yesssssssssss, you're right! How can I use CreateProcess? THANK YOU – Armen Khachatryan Aug 27 '09 at 7:57

Please note, the whole problem is that I do not have that exe on the hard drive. – Armen Khachatryan Aug 27 '09 at 8:00

Are you the author of that other process? If so, it would be much better to communicate with it so that it writes the resources back to hard disk. Or use the same original resource from hard disk in the first place. – Adrian Grigore Aug 27 '09 at 8:00

No, dear Adrian, I am not the author of the other process. How can I do it in this way? – Armen Khachatryan Aug 27 '09 at 8:05

In that case, what you are trying to do is probably illegal... – Adrian Grigore Aug 27 '09 at 8:09

This sort of thing normally comes out of the dark corners of the world. ;-) In combination with tools like Metasploit it would be great to create a process just out of RAM, and so a couple of guys tried to reimplement all the stuff that happens down in CreateProcess(). After a while they just found out that it is much too complex (see this PDF site 12f) to get this to work, and they tried to find another solution, and here it is: They call a normal CreateProcess() with a common program (e.g. Notepad.exe), but they start it with ThreadSuspended. Then they injected a new thread into this process, which will be filled up from memory. Afterwards they told this thread to run, and so they got a new process filled from memory.

So this is just the big picture, and it is a whole mess (and normally not the right way) to do this stuff. If you are really interested in this part, then you have an idea to search for. And by the way, don't think you can do this in C#. This is normally done in C/C++ or even Assembler...

If you mean creating a process on your own, then I can only say that I remember an article where some smart guys just gave up. Maybe some keywords in my article can help you to find it again. If you meant to start a process with ThreadSuspended, then go and find out how you inject a new thread into an existing process. 'Cause this is also not quite easy (but easier than trying to create a process on your own). – Oliver Mar 22 '10 at 7:39

By the first approach, I meant creating the process myself. I googled a bit and found this: bytes.com/topic/python/answers/585637-execute-binary-code pentest.cryptocity.net/files/exploitation/winasm-1.0.1.pdf It seems the fork()-like part is hard. Not sure whether OP needs forking. – jpalecek Mar 24 '10 at 10:22

@jpalecek: Your second link is exactly the document I had in mind when I wrote my answer. I'm going to update it. – Oliver Mar 24 '10 at 10:50
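
Seen from the defender's side, the sequence described in the answer above (a common program started by CreateProcess(), then a thread injected into it by the process that started it) leaves a trace that can be correlated in process telemetry. The following is an added example, not part of the original thread: the events are constructed, the field names follow Sysmon's ProcessCreate (Event ID 1) and CreateRemoteThread (Event ID 8) records, and the 5-second window is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Field names follow Sysmon's
# ProcessCreate (Event ID 1) and CreateRemoteThread (Event ID 8) records.
EVENTS = [
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:00.100", "ProcessGuid": "{child-1}",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentProcessGuid": "{parent-1}", "ParentImage": r"C:\Temp\loader.exe"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:00.350",
     "SourceProcessGuid": "{parent-1}", "SourceImage": r"C:\Temp\loader.exe",
     "TargetProcessGuid": "{child-1}", "TargetImage": r"C:\Windows\System32\notepad.exe"},
    # Ordinary launch: no remote thread follows.
    {"EventID": 1, "UtcTime": "2024-01-01 10:01:00.000", "ProcessGuid": "{child-2}",
     "Image": r"C:\Windows\System32\calc.exe",
     "ParentProcessGuid": "{parent-2}", "ParentImage": r"C:\Windows\explorer.exe"},
    # Remote thread from a process that is not the target's parent: out of scope here.
    {"EventID": 8, "UtcTime": "2024-01-01 10:01:01.000",
     "SourceProcessGuid": "{other-3}", "SourceImage": r"C:\Tools\monitor.exe",
     "TargetProcessGuid": "{child-2}", "TargetImage": r"C:\Windows\System32\calc.exe"},
]

WINDOW = timedelta(seconds=5)  # assumed correlation window, tune per environment


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")


def find_parent_injections(events, window=WINDOW):
    """Flag processes whose own parent creates a remote thread in them within
    `window` of creating them. Sysmon's ProcessCreate record has no field for
    the suspended creation flag, so timing and parentage stand in for it."""
    created = {}  # ProcessGuid -> (creation time, ProcessCreate event)
    alerts = []
    for ev in sorted(events, key=lambda e: parse_time(e["UtcTime"])):
        when = parse_time(ev["UtcTime"])
        if ev["EventID"] == 1:
            created[ev["ProcessGuid"]] = (when, ev)
        elif ev["EventID"] == 8 and ev["TargetProcessGuid"] in created:
            born, proc = created[ev["TargetProcessGuid"]]
            if ev["SourceProcessGuid"] == proc["ParentProcessGuid"] and when - born <= window:
                alerts.append({"parent": proc["ParentImage"], "child": proc["Image"],
                               "delay_ms": (when - born) // timedelta(milliseconds=1)})
    return alerts


if __name__ == "__main__":
    for alert in find_parent_injections(EVENTS):
        print(alert)
```

Debuggers and some installers also create threads in their own child processes, so hits from this heuristic need an allowlist or a second signal before they become alerts.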

That depends on which operating system you are using. In any case, the Wikipedia article on Interprocess Communication shows some basic techniques.

The same way you would run it from disk. Your program doesn't know whether it's already loaded (i.e. in RAM) or on disk. This is abstracted away by the operating system.
