C ++ byte array in memory
I am trying to work on what I think is called a launcher? The concept is to write the entire binary to a buffer and then load the buffer into memory. I saw this code bouncing a lot (I wrote an exe so I have access to the code inside it.):
//HardCoded Binary For testing Reason, reading to launch didn't work neither did this
char RawCode[11414] = {
0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0xFF, 0xFF, ............................................... 0x00, 0x00,
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}
//Main Function
int main(int argc, char* argv[])
{
int(*f)();
f = (int(*)())&RawCode;
(int)(*f)();
}
My initial thought was that maybe the empty bytes were doing an access violation. So after some research I came across a message box silk code formatted as "/x41/x41/.......x41/" with no null bytes and still it didn't work. I'm kind of lost because there is little information about it. Does anyone have links to some good articles or helpful tutorials as none of the ones I found helped a lot. Thanks everyone for your time!
source to share
For quite some time now, all modern operating systems have implemented some form of data execution prevention . This means that you cannot just put the code somewhere in memory and run it; the memory area must be marked to allow execution first. The reason is security - it is much more difficult to exploit what would otherwise be a remote code execution vulnerability.
This also means that you have to think long and hard before trying something stupid like this, because it rips a giant hole in your operating system trying to protect you.
So, before you can run code from memory, you must specify the appropriate region as executable.
On Windows, this can be done using a function VirtualProtect
. However, this cannot be done for arbitrary memory areas; it should be aligned on the page borders and the pages should be highlighted the same VirtualAlloc
. So you end up with
DWORD old_protect;
LPVOID executable_area = VirtualAlloc(NULL, 11414, MEM_RESERVE, PAGE_READWRITE);
memcpy(executable_area, Rawcode, 11414);
VirtualProtect(executable_area, 11414, PAGE_EXECUTE, &old_protect);
int(*f)() = (int(*)()) executable_area;
f();
// Note: RAII this in C++. Restore old flags, free memory.
VirtualProtect(executable_area, 11414, old_protect, &old_protect);
VirtualFree(executable_area, 11414, MEM_RELEASE);
source to share
First, does your array contain an executable representation or does it contain executable machine code? If the former, it probably won't work: most executable file formats start with various metadata that the OS uses to load the program; the executable machine code appears later in the file.
Second, is your system using something similar to DEP? Your OS is probably marking the array as non-executable, so trying to execute it will fail.
source to share
(Sorry for the late reply)
Executing bytes from an array is a BAD idea. It is not a cross platform and it poses huge security risks.
A safer way to execute external code is with a byte code interpreter. You can restrict access to the program only to what it needs. The downside is that you either have to write your own compiler or write the byte source code in yourself.
A good tutorial can be found here: http://gameprogrammingpatterns.com/bytecode.html
Another less secure solution would be to use a DLL. (Dynamic Linked Library) This way you don't need to write your own compiler.
source to share