Re: Loading EXE files directly from memory?

From: Krugger (merc4krugger@gmail.com)
Date: Wed Dec 06 2006 - 05:33:30 EST

• Next message: killy: "Re: Re: Default passwords dictionary"
• Previous message: killy: "Re: LAN pen test"
• In reply to: Justin Ferguson: "Re: Loading EXE files directly from memory?"
• Next in thread: Esteban Lucena: "Re: Loading EXE files directly from memory?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You should have a look at UPX (upx.sourceforge.net), it does have a
in-place execution feature that seems to be what you are looking for.
Basically it compresses an exe and then sticks a decompression code in
front of it and it allows to decompress and execute the exe in place
without generating files. At least that is what it looks like from
their description. Source is provided, so you can take a look. :)

If you are writing some sort of virus like thing, remember that
signature scans will pick up the decompression or decryption part if
you don't do something about it.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: killy: "Re: Re: Default passwords dictionary"
• Previous message: killy: "Re: LAN pen test"
• In reply to: Justin Ferguson: "Re: Loading EXE files directly from memory?"
• Next in thread: Esteban Lucena: "Re: Loading EXE files directly from memory?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:25 EDT