Re: Execute Stream?

On Wed, 20 Jul 2005 10:14:48 +0200, "didi" <didi@xxxxxxxxxxxxxxx>
wrote:

>Yes the last one is the true purpouse of my interes...
>
>So if my customer will not register then no
>exe will be saved... but he must test it. (trial)
>
>Now you can understand why I search it for.
>
>My first idea was to save it to unknown
>place.. like WIN TEMP creating a labyrint of folders.
>But isn't a good job for client folders...

Let me get this right

You aim to send out an EXE
- within that EXE is embedded another EXE
- you want to dig out the second EXE and unmangle it
- then you want to run it

You know that Windows will happily run a file with any extension ?
- it looks inside the header to determine if it is a PE

Personally I suggest that you convert your second EXE into a DLL
- no great problem there

Then your EXE fishes out the DLL, unmangles it, stores it in the Temp
directory as some .TMP or .$$$ file name, perhaps as two + files

Then you use LoadLibrary on it, invoke procedures in the DLL that
activate Callbacks into your first EXE that confuse the issue so that
it is hard to write a new loader for the DLL.

On termination of the App you do a FreeLibrary and then delete the
file(s) in the Temp directory

Even if someone detects that you've created a .TMP file in the
(perfectly reasonable) Temp directory, and that they've figured that
it is really a DLL in drag, copied the file elsewhere
- they'll still have one heck of a job making the DLL function
- although a lot of the code is in the DLL, vital bits are in the EXE

and it is pretty easy to ensure that the EXE will only work with a DLL
that it just created.

If anyone is good enough to crack that sort of mess, then frankly they
are very smart.

CreateFile also has an interesting Flag : FILE_FLAG_DELETE_ON_CLOSE

There is also something else that is interesting, I've never tried it,
but an EXE can Export functions and can be invoked with LoadLibrary
- not really necessary - but an interesting layer of obfuscation
.

Relevant Pages

  • Re: Editors
    ... some strip them on exe files by default. ... "preferred base address" and, yup, relocations are completely ... DLL files, though, aren't loaded into their own address space but are ... EXE's "entry-point", though, is not "special" in that it's just an ...
    (alt.lang.asm)
  • Re: DLL pass vector by value crash
    ... The prototype for testfunc is a by-value copy, so it has to make a copy of the value. ... Are you using static linking for either the .exe (if so, it probably won't work correctly, ... clearly using the shared CRT DLL for the DLL you are constructing. ... no crash occurs in either config. ...
    (microsoft.public.vc.mfc)
  • Re: DLL pass vector by value crash
    ... stack of the exe and may allocate default member element on the exe heap. ... If this is a dangerous situation, the simple app I set up calling testFunc() ... in a dll did not crash. ... msvcr90.dll!free and access the source code of free.c. ...
    (microsoft.public.vc.mfc)
  • Re: Using same interfaces for in-proc vs. out-proc
    ... for each server) might work better after all. ... TLB,>you reference it in VB and gain access to all ... both EXE and DLL versions must use the same source code; ...
    (microsoft.public.vc.atl)
  • Re: Releasing my VB.NET app over the intranet
    ... of the primary EXE and when compiled I am copying the contents ... the directory and open a browser on the web server and type ... > another dll, we need to put the dll in the same directory, so that the clr ... > The executable will be downloaded to the assembly download cache on the ...
    (microsoft.public.dotnet.framework)