Can I save/copy a file to memory and then open it with ShellExecute, for example?

I mean dealing with the memory as a hard disk?
Posted on 2002-06-05 11:51:51 by Sa6ry
ShellExecute wouldn't allow you to do this since it expects a path name and then loads it. The only way I can think of to do this would be to:

* Save the file in memory
* Emulate the actions of the PE loader: fill in imports, do fixups, etc.
* Have your loader program spawn a thread which jumps to the initial IP specified in the program.
* Maybe modify the program's import table so that ExitProcess points back to your thread's procedure and can close the loader program

Not an easy job.

EDIT: I'm not even sure that it would work doing it like that.
Posted on 2002-06-05 12:01:11 by Kudos
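Added example, not part of the original posts: a Python reader for the PE header fields that the steps in the post above refer to (initial IP, import table, and base relocations, i.e. "fixups"). It only parses headers and also accepts the 64-bit PE32+ layout; `build_sample_pe32` and `loader_view` are hypothetical names, and the sample image is constructed for the demo.

```python
import struct

DIR_IMPORT, DIR_BASERELOC = 1, 5   # data directory indexes (PE/COFF spec)

def build_sample_pe32(entry_rva, image_base, import_dir, reloc_dir):
    """Constructed, headers-only PE32 image for the demo (not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)         # ImageBase
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_IMPORT, *import_dir)
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, *reloc_dir)
    return dos + b"PE\0\0" + coff + bytes(opt)

def loader_view(image):
    """Return the header fields the loader steps above depend on."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
        if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
        opt = e_lfanew + 24                             # signature + COFF header
        (magic,) = struct.unpack_from("<H", image, opt)
        if magic == 0x10B:                              # PE32
            base_fmt, base_off, dirs_off = "<I", 28, 96
        elif magic == 0x20B:                            # PE32+ (64-bit)
            base_fmt, base_off, dirs_off = "<Q", 24, 112
        else:
            raise ValueError("unknown optional header magic")
        (entry_rva,) = struct.unpack_from("<I", image, opt + 16)
        (image_base,) = struct.unpack_from(base_fmt, image, opt + base_off)
        (count,) = struct.unpack_from("<I", image, opt + dirs_off - 4)
        count = min(count, max(0, (opt_size - dirs_off) // 8))  # distrust the count
        def directory(index):                           # -> (rva, size)
            if index >= count:
                return (0, 0)
            return struct.unpack_from("<II", image, opt + dirs_off + 8 * index)
        imports, relocs = directory(DIR_IMPORT), directory(DIR_BASERELOC)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {"entry_va": image_base + entry_rva, "image_base": image_base,
            "imports": imports, "relocs": relocs, "has_fixups": relocs[1] > 0}

if __name__ == "__main__":
    print(loader_view(build_sample_pe32(0x1000, 0x400000, (0x2000, 0x28), (0x3000, 0x0C))))
```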
I'm curious as to why you'd wish to do this.
Do you wish to code some kind of debugger or realtime patch?
Or some kind of custom ramdrive?
Or something else entirely?
Posted on 2002-06-05 14:14:17 by Homer
Hi EvilHomer2k

Nothing was in my mind.

But in the old days, when I was playing with trojans and exe joiners,

I wondered why they write the exe files to temp directly and then execute them.

Why don't they write them to memory and then execute them?

Silly :grin:
Posted on 2002-06-06 07:34:17 by Sa6ry
>but in the old days when i was playing with trojan. and exe joiners.


Don't even think about this topic on our board.
Posted on 2002-06-06 07:48:04 by bazik
Hi baZik

I find nothing wrong with thinking about how evil programs work!!!

I never spread a virus, because only devils do this.

I still remember when I bought my computer 2 years ago and was wondering what a computer virus is and how it works.

In fact, I started learning assembly to *learn* how viruses work; I then discovered how interesting assembly is.

At the same time, I never spread a virus after learning.

I am searching for knowledge only, as I hate black boxes.

So don't get me wrong.
Posted on 2002-06-06 08:06:36 by Sa6ry
Sa6ry,

I am sure you mean well but in this world, good intentions are not enough and dabbling with this stuff is now illegal so as bAZiK has asked you, please keep all of this stuff out of here.

Regards,

hutch@movsd.com
Posted on 2002-06-06 10:17:46 by hutch--