Penetration Testing mailing list archives
Re: Loading EXE files directly from memory?
From: Krugger <merc4krugger () gmail com>
Date: Wed, 6 Dec 2006 10:33:30 +0000
You should have a look at UPX (upx.sourceforge.net), it does have a in-place execution feature that seems to be what you are looking for. Basically it compresses an exe and then sticks a decompression code in front of it and it allows to decompress and execute the exe in place without generating files. At least that is what it looks like from their description. Source is provided, so you can take a look. :) If you are writing some sort of virus like thing, remember that signature scans will pick up the decompression or decryption part if you don't do something about it. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Loading EXE files directly from memory? Jeroen (Dec 03)
- Re: Loading EXE files directly from memory? Peter Parker (Dec 04)
- RE: Loading EXE files directly from memory? Omar Herrera (Dec 05)
- Re: Loading EXE files directly from memory? Justin Ferguson (Dec 05)
- Re: Loading EXE files directly from memory? Krugger (Dec 07)
- Re: Loading EXE files directly from memory? Esteban Lucena (Dec 05)
- Re: Loading EXE files directly from memory? dork (Dec 07)
- RE: Loading EXE files directly from memory? Marc Doudiet (Dec 17)
- Re: Loading EXE files directly from memory? Peter Parker (Dec 04)