1

I am trying to write a program to read a binary file from memory execute it and exit but the OS doesn't seem to let me execute it from memory, the entire point of this exercise is to load a binary file with no header into memory.

This is my code for the binary file:

push eax

mov eax,3
mov edi,eax
sub eax,edi


pop eax
leave
ret

And my loader is as follows:

int main(int argc, char **argv){
    void (*ptr)(void);
    FILE *fo = fopen(argv[1],"r");
    int l = fseek(fo,0,SEEK_END);
    fread((void*)ptr,l*sizeof(char),1,fo);
    ptr();
    return 0;
}

I know I am probably going about this the wrong way.

Improve this question
5
  • Even if you could just read a file in memory and the entry point was at offset 0 (which it certainly isn't), you still didn't allocate any memory for the pointer, so fread() writes to a bogus location. That's undefined behavior. Commented Jul 26, 2015 at 15:59
  • Also note that many virus scanners' heurstic algorithm would like detect that as potentially bad. Commented Jul 26, 2015 at 16:02
  • There is more to executing a binary than just loading and callng it. For good reasons, casting an object ("data") pointer to a function pointer is undefined behaviour in C. The question as such is too broad, as it requires quite some background to explain (you would not have asked if you knew - no offense). Commented Jul 26, 2015 at 16:05
  • What exactly do you mean by a binary file with no header - the text section of an EXE, a DLL, something else? Assuming you were using an assembler/linker that could generate a binary file containing just the assembled instructions you show here, you should indeed be able to allocate an appropriate memory buffer, read the bytes into it, and execute them by jumping to the start of the buffer, but not exactly like you show it here. Obviously the assembly code as it stands doesn't serve any useful purpose either, but I guess it's just a proof of concept. Commented Jul 26, 2015 at 16:18
  • 1
    For Windows, you'd could set debugger privileges for the calling program which could get complicated, or you could create a generic .exe program file, padded with hex CC (int 3) in the code segment for extra space, then replace the file's code segment with the code you want to run, and then just run the program with something like CreateProcess. Commented Jul 26, 2015 at 17:21

2 Answers 2

Reset to default
4

While the code you showed is location independent, so can execute anywhere, it is not the case of memory allocated for data. Actual versions of OS's enforces the memory access protection explicitly denying execution on data memory. But first of all there is a big error in your program, you have not defined any memory for the code you want load:

void (*ptr)(void);  //This allocates only space for a function pointer, but no memory

When reading data from disk it will be write somewhere in memory triggering a memory access fault. To get executable memory from OS you can use functions as VirtualAlloc, and then make the allocated memory executable using other functions as VirtualProtect. Then you must assign to your function pointer the address of executable memory and only at that time read code from disk. This process is often used for malware or code injection, and can work for local or remote processes, that's why I'll not give better explanation. Curiosity is good, but... ;-)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Is it possible? Yes. But as people have commented, there's much more to it than what you're currently going on (even ignoring the pending seg fault in your code). Among other things you should realize that Visual Studio (at least) build programs that by default are explicitly prevented from executing 'data'. See documentation for the /NXCOMPAT flag and Data Execution Prevention

Improve this answer

1 Comment

Regardless of the compiler, Windows is still involved with DEP so you will want to read up on that.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.