0

Is there a way to store binary code in memory (as a value) then execute it?

For instance if I have an array of bytes I have filled with the binary code of say, a .exe, is it possible to execute it?

2
Contributors
4
Replies
9
Views
6 Years
Discussion Span
Last Post by gerard4143
1

You'll have to change the memory attributes of the array to read and execute and then point the instruction pointer at it.

1

Here's an example that displays 'Hello, World!'. Note this will only work on a Linux 64 bit PC.

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

unsigned char mya[] = 	{
			  0x50,0x57,0x56,0x52,0xe8,
			  0x00,0x00,0x00,0x00,0x5e,
			  0x48,0x81,0xc6,0x24,0x00,
			  0x00,0x00,0x48,0xc7,0xc0,
			  0x01,0x00,0x00,0x00,0x48,
			  0xc7,0xc7,0x01,0x00,0x00,
			  0x00,0x48,0xc7,0xc2,0x0e,
			  0x00,0x00,0x00,0x0f,0x05,
			  0x5a,0x5e,0x5f,0x5a,0xc3,
			  0x48,0x65,0x6c,0x6c,0x6f,
			  0x2c,0x20,0x57,0x6f,0x72,
			  0x6c,0x64,0x21,0x0a,0x00
			};
			
int main(int argc, char**argv)
{
  void *addr = (void*)((unsigned long)mya & ((0UL - 1UL) ^ 0xfff));/*get memory page*/
  int ans = mprotect(addr, 1, PROT_READ|PROT_WRITE|PROT_EXEC);/*set page attributes*/
  if (ans)
  {
    perror("mprotect");
    exit(EXIT_FAILURE);
  }
  
  ((void(*)(void))mya)();/*execute array*/
  
  return 0;
}

Edited by gerard4143: n/a

Votes + Comments
Absolutely good, hard to find this information too.
0

Forgot to mention I'm using Windows.

Also, what is the reason for bitwise AND'ing the address of the array with -1UL then XOR'ing it with 0xfff ?

Edited by pseudorandom21: n/a

0

Memory pages on my system are 4096 bytes which is 0xfff so that line of code is getting the address of the memory page that contains the array mya. Why you ask? The mprotect() function requires that the address past to it be aligned on a page boundary.

Edited by gerard4143: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.