I'm trying to run an exe file that is inside the resource file. Is it possible ??? :stupid:

Thanks
Posted on 2002-12-23 15:01:00 by HermanT
look here
Posted on 2002-12-23 15:38:12 by Hiroshimator
Hi Hiro,

Thanks for your reply :) but it's not what I'm looking for. I already read the thread before I posted this question.

What I want is to run the exe resource file directly from memory without the need to create the file first.

I tried using Find, Load, and Lock Resource (put into pRes). Then I call pRes + 400h. It does the call, but apparently all the variables, and also the jmp and call instructions, are still pointing into the first instance. So how can I shift all those pointers by + 400h? Can I do it?? :(
Posted on 2002-12-23 16:02:35 by HermanT
you need to relocate the executable and process imports as well.
There's a whole lot of stuff to do... get hold of the PE format (there's
a lot of different docs, get them all. Most of them have various small
inaccuracies). You might also want to look at source code for exe
compressors and encryptors.
Posted on 2002-12-23 16:19:37 by f0dder
What you are trying to do is very hard (should I say impossible).
You can't just call <offset where you load your PE file>
because at that offset there is no program code, but the PE header.

Basically, to do this one would need to create a PE loader, like the Windows one, which will, after mapping the PE file into memory, do other unnecessary stuff like updating the import table, fixing memory jumps/calls, processing the relocation section if needed, etc.
This is really a lot of work, and also I don't think that there is PE loader source for win32 available from which you can learn.

But you can learn more about the PE file type in Iczelion's PE tutorial or other documents by various authors. I recommend Matt Pietrek's doc.
Posted on 2002-12-23 16:20:41 by Mikky
:)
Thanks f0dder and Mikky

Maybe the relocation things are what I'm missing. It's really hard work for me to do.


Mikky:
You can't just call <offset where you load your PE file>
because at that offset there is no program code, but the PE header.


It's not that I want to argue with you, but the PE header is pointed to by pRes, and by default all exe programs start at 400h (I looked in a hex editor). So when the call is made to pRes + 400h, that is where the program starts. I also debugged my program. It is the first line where my program goes. But maybe I am missing (again) something here.
Posted on 2002-12-23 16:44:03 by HermanT

It's not that I want to argue with you, but the PE header is pointed to by pRes, and by default all exe programs start at 400h (I looked in a hex editor). So when the call is made to pRes + 400h, that is where the program starts. I also debugged my program. It is the first line where my program goes. But maybe I am missing (again) something here.

The code section of some PE files may start at 400h, but the program's entry point may be located anywhere else in the file (so you need to check the PE header/object table).
Posted on 2002-12-23 17:50:45 by Tola
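
The header check described in the post above, as an added Python example that is not code from the thread: it reads AddressOfEntryPoint and the section (object) table from a PE file image and converts the entry RVA into a file offset. The function names and the sample image are constructed for this example.

```python
import struct

def entry_point_file_offset(pe: bytes):
    """Return (entry_rva, file_offset, section_name) for an unmapped PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size                                 # section (object) table
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            delta = entry_rva - vaddr
            if delta >= rsize:
                raise ValueError("entry point has no bytes in the file")
            return entry_rva, rptr + delta, name.rstrip(b"\0").decode()
    raise ValueError("entry point is not inside any section")

def build_sample(entry_rva=0x1234):
    """Constructed minimal PE32 headers: one .text section, raw data at 400h."""
    img = bytearray(0x1000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    # Machine, NumberOfSections, (12 bytes skipped), SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HH12xHH", img, 0x84, 0x14C, 1, 0xE0, 0x0102)
    struct.pack_into("<H", img, 0x98, 0x10B)               # PE32 magic
    struct.pack_into("<I", img, 0x98 + 16, entry_rva)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<8sIIII", img, 0x98 + 0xE0,
                     b".text", 0x1000, 0x1000, 0xA00, 0x400)
    return bytes(img)

if __name__ == "__main__":
    rva, off, sec = entry_point_file_offset(build_sample())
    print(f"entry RVA {rva:#x} -> file offset {off:#x} in {sec}")
```

With these constructed values the entry point sits at file offset 634h, even though the code section's raw data begins at 400h.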
:o Yes Tola, you are correct :alright:

That's the missing thing :grin:

Thanks for clearing it up
Posted on 2002-12-23 18:01:03 by HermanT