Store binary code in memory then execute it?

Question

pseudorandom21 166 Practically a Posting Shark

13 Years Ago

Is there a way to store binary code in memory (as a value) then execute it?

For instance if I have an array of bytes I have filled with the binary code of say, a .exe, is it possible to execute it?

c

2 Contributors
4 Replies
3K Views
9 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by gerard4143

Recommended Answers

Answered by gerard4143 371 in a post from 13 Years Ago

Here's an example that displays 'Hello, World!'. Note this will only work on a Linux 64 bit PC.

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

unsigned char mya[] = 	{
			  0x50,0x57,0x56,0x52,0xe8,
			  0x00,0x00,0x00,0x00,0x5e,
			  0x48,0x81,0xc6,0x24,0x00,
			  0x00,0x00,0x48,0xc7,0xc0,
			  0x01,0x00,0x00,0x00,0x48,
			  0xc7,0xc7,0x01,0x00,0x00,
			  0x00,0x48,0xc7,0xc2,0x0e,
			  0x00,0x00,0x00,0x0f,0x05,
			  0x5a,0x5e,0x5f,0x5a,0xc3,
			  0x48,0x65,0x6c,0x6c,0x6f,
			  0x2c,0x20,0x57,0x6f,0x72,
			  0x6c,0x64,0x21,0x0a,0x00
			};
			
int main(int argc, char**argv)
{ …

Jump to Post

All 4 Replies

gerard4143 371 Nearly a Posting Maven

13 Years Ago

Here's an example that displays 'Hello, World!'. Note this will only work on a Linux 64 bit PC.

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

unsigned char mya[] = 	{
			  0x50,0x57,0x56,0x52,0xe8,
			  0x00,0x00,0x00,0x00,0x5e,
			  0x48,0x81,0xc6,0x24,0x00,
			  0x00,0x00,0x48,0xc7,0xc0,
			  0x01,0x00,0x00,0x00,0x48,
			  0xc7,0xc7,0x01,0x00,0x00,
			  0x00,0x48,0xc7,0xc2,0x0e,
			  0x00,0x00,0x00,0x0f,0x05,
			  0x5a,0x5e,0x5f,0x5a,0xc3,
			  0x48,0x65,0x6c,0x6c,0x6f,
			  0x2c,0x20,0x57,0x6f,0x72,
			  0x6c,0x64,0x21,0x0a,0x00
			};
			
int main(int argc, char**argv)
{
  void *addr = (void*)((unsigned long)mya & ((0UL - 1UL) ^ 0xfff));/*get memory page*/
  int ans = mprotect(addr, 1, PROT_READ|PROT_WRITE|PROT_EXEC);/*set page attributes*/
  if (ans)
  {
    perror("mprotect");
    exit(EXIT_FAILURE);
  }
  
  ((void(*)(void))mya)();/*execute array*/
  
  return 0;
}

Edited 13 Years Ago by gerard4143 because: n/a

pseudorandom21 commented: Absolutely good, hard to find this information too. +1

ebrahim.amq commented: Hello dear , Please tell me how did you get the raw code of the function? +0

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Hello dear , Please tell me how did you get the raw code of the function?

gerard4143 371 Nearly a Posting Maven · Answer 1 · 2011-03-14T03:00:24+00:00

You'll have to change the memory attributes of the array to read and execute and then point the instruction pointer at it.

pseudorandom21 166 Practically a Posting Shark · Answer 2 · 2011-03-14T04:46:47+00:00

Forgot to mention I'm using Windows.

Also, what is the reason for bitwise AND'ing the address of the array with -1UL then XOR'ing it with 0xfff ?

gerard4143 371 Nearly a Posting Maven · Answer 3 · 2011-03-14T06:21:52+00:00

Memory pages on my system are 4096 bytes which is 0xfff so that line of code is getting the address of the memory page that contains the array mya. Why you ask? The mprotect() function requires that the address past to it be aligned on a page boundary.

Store binary code in memory then execute it?

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers