Run compiled code from a string?

General FreeBASIC programming questions.
sebastiannielsen
Posts: 4
Joined: Aug 17, 2008 15:07

Run compiled code from a string?

Postby sebastiannielsen » Aug 17, 2008 15:14

How I do to run compiled code from a string?

Lets say I compile applicationA.bas intro ApplicationA.exe
Now I use binary read to read in the whole ApplicationA.exe into a string.

Then I want to "run" the code in the string like I would have doubleclicked ApplicationA.exe. (Without writing the contents of the string to disk).

How can this be done?
vdecampo
Posts: 2982
Joined: Aug 07, 2007 23:20
Location: Maryland, USA
Contact:

Postby vdecampo » Aug 17, 2008 15:19

I think you would have to write an emulator for the particular platform you want the app to run on. This would have to simulate the processor, hardware, and operating system.

Unless I am completely misunderstanding your question.

Cheers!
-Vince
sebastiannielsen
Posts: 4
Joined: Aug 17, 2008 15:07

Postby sebastiannielsen » Aug 17, 2008 15:23

what I want to do, is to load the string with compiled code into memory, and jump to that point in memory, so the compiled code is ran.

In .NET you can just run Assembly.Load( <string with compiled code> )
vdecampo
Posts: 2982
Joined: Aug 07, 2007 23:20
Location: Maryland, USA
Contact:

Postby vdecampo » Aug 17, 2008 15:50

According to Microsoft, the method Assembly.Load uses an Assembly Class as the object which is a pre-compiled set of instructions which uses the CLR but not a complete executable, which is basically like creating a DLL. In FreeBASIC, you can load the DLL with the DyLibLoad function and then call the functions.

-Vince
marcov
Posts: 2806
Joined: Jun 16, 2005 9:45
Location: Eindhoven, NL
Contact:

Postby marcov » Aug 17, 2008 16:10

sebastiannielsen wrote:what I want to do, is to load the string with compiled code into memory, and jump to that point in memory, so the compiled code is ran.

In .NET you can just run Assembly.Load( <string with compiled code> )


There are a lot of aspects to this, and your example is also faulty, NGen the assembly, and retry and you'll see it will fail. IOW IL assemblies are compiled code, but not to assembler level, but half digested to something that can be jitted.

In theory you should be able to do this for PIC code, which you write into mem using mprotect.

However that is odd ball use, and not something to generally use, since Antivirusses and other security technologies will frown upon it (since it is effectively code injection)
jevans4949
Posts: 1148
Joined: May 08, 2006 21:58
Location: Crewe, England

Postby jevans4949 » Aug 17, 2008 16:25

Is there a reason you can't use EXEC in this situation?

If you need to do this, take a look at the section of FB Help entitled "Pointers to procedures" You could possibly make a union of one of these and a Zstring Ptr, set the zstring pointer using strptr() function and execute the sub.
sebastiannielsen
Posts: 4
Joined: Aug 17, 2008 15:07

Postby sebastiannielsen » Aug 17, 2008 17:21

What I want to do, is to load the EXE as a string, then encrypt the EXE, and then output the string.

What I then want to do, is a application, which has the encrypted EXE in base64 format as a string constant.

Then the application will ask the user for a password, and then decrypt the string using the password, and if the decryption was sucessfull, the application should place the decrypted content into memory and execute it.

So If I compile this code:

print "Hello World"
print 10 + 7

into a EXE. Then I load in the EXE into a string, and then encrypt it, and the output the encrypted result.

If I then paste the encrypted result as a constant in my application and then run it, it shoud look like this:

Please provide password:> test
Access is granted

Hello World
17

It is acceptable if the 2 last lines come up in a new window (since a new EXE is launched), but I would prefer they show up in the same window.


Please note: the encrypted application in this example is only a example. This means its not acceptable to just encrypt the Hello world and the 10 and 7 strings. Just think about a calculator application or parsing application, and I just want to encrypt the whole application.

It is also acceptable If I need to put the
print "Hello World"
print 10 + 7

into a subroutine, and then compile into a DLL, put that DLL through encryptor, and then put that string into my app.

Then Ill need to decrypt and load the DLL into memory without writing it to disk, and then call the subroutine in the DLL.
voodooattack
Posts: 605
Joined: Feb 18, 2006 13:30
Location: Alexandria / Egypt
Contact:

Postby voodooattack » Aug 17, 2008 22:14

Most people will argue that this is impossible, but here's a method that uses a custom loader to load your DLLs from memory, which involves relocating the DLL and aligning it in memory apart from the host operating system's PE loader:
http://www.joachim-bauch.de/tutorials/l ... emory.html

and here's the full FB example (along with header and static library):
http://www.mediafire.com/?xcfha1pjfqk

Please read the notes on the original page regarding usage.

Edit: and if you use that in conjunction with IncFile() [search forums] it might prove to be very useful, since I wouldn't recommend using strings to store binary (and especially executable) data.
sebastiannielsen
Posts: 4
Joined: Aug 17, 2008 15:07

Postby sebastiannielsen » Aug 18, 2008 7:13

>>I wouldn't recommend using strings to store binary (and especially executable) data

What should I use instead to store the binary/executeable data? I dont want to store it on disk for security reasons.
marcov
Posts: 2806
Joined: Jun 16, 2005 9:45
Location: Eindhoven, NL
Contact:

Postby marcov » Aug 18, 2008 8:14

sebastiannielsen wrote:>>I wouldn't recommend using strings to store binary (and especially executable) data

What should I use instead to store the binary/executeable data? I dont want to store it on disk for security reasons.


Something array of byte like. Then you don't risk accidentally doing string operations that maim them.
voodooattack
Posts: 605
Joined: Feb 18, 2006 13:30
Location: Alexandria / Egypt
Contact:

Postby voodooattack » Aug 18, 2008 13:50

sebastiannielsen wrote:>>I wouldn't recommend using strings to store binary (and especially executable) data

What should I use instead to store the binary/executable data? I don't want to store it on disk for security reasons.


You can use two acceptable methods to handle them:

* Byte Arrays.
* Memory buffers: Allocate/Callocate

As for storage, according to what you said, you're trying to embed the data statically into the final executable, and to do that you can use:

* DATA statement: you'll have to use an external tool to convert the binary file into DATA statements, and paste them into your module's code directly, to read the buffer you'll have to use READ at run-time to copy it to a new buffer, too much overhead for both run and compile-time imo.

* Windows resource scripts: might be acceptable, but that would also expose the file you're storing to a more computer-savvy user.

* Object File: use an external tool to convert your file into a linkable object file, and use EXTERN to access it from other modules. (acceptable solution, no overhead, etc.)

I clearly prefer the last solution, you can write a small tool to encrypt your guest DLL before compiling your application, then have it stored in the final EXE's memory that way, no run-time loading, and much faster compile-time.

Finally, here's something to do the whole thing through FreeBASIC, a solution derived from #3, but with no need for external tools, just copy the IncFile.bi header from this thread:

http://www.freebasic.net/forum/viewtopi ... 04&start=0

and now save it, then compile this:

Code: Select all

   
    ' Compile TestDll.bas first..
   
    #include "MemoryModule.bi"
    #include "incfile.bi"
   
    IncFile(DLLDATA, "TestDll.dll")
   
    dim myDll as HMEMORYMODULE
    dim addNumbers as function cdecl (byval as integer, byval as integer) as integer
   
    myDll = MemoryLoadLibrary(DLLDATA)
   
    if myDll then
        print "Library load successful.."
        addNumbers = MemoryGetProcAddress(myDll, "addNumbers")
        if addNumbers then
            print "Symbol found.."
            print "Calling addNumbers() from memory:"
            print "10+12="; addNumbers(10,12)
        else
            print "Error obtaining proc address."
        end if
    else
        print "Error loading Library."
    end if
   
    MemoryFreeLibrary(myDll)
   
   


The DLL now resides in the .DATA section of your executable, amongst other data used by your program, you can pass the DLLDATA pointer to a decryption function if you had it encrypted prior to compilation, then load the decrypted DLL normally.

I hope this explains it all.
jofers
Posts: 1525
Joined: May 27, 2005 17:18
Contact:

Postby jofers » Aug 18, 2008 20:39

Given the security concerns, I think it's a bad idea.

Have you looked into scripting libraries such as Lua, if you want user-programmable behavior?

Return to “General”

Who is online

Users browsing this forum: No registered users and 1 guest