无痕客

落花无情,流水无痕……

  博客园 :: 首页 :: 博问 :: 闪存 :: 新随笔 :: 联系 :: 订阅 订阅 :: 管理 ::

Application from Memory

C#.NET can launch applications from memory very easily through Reflection. Launching an exe from memory instead of directly is done for a variety of reasons.

For example, some applications are stored encrypted and are decrypted by a launcher that then runs the decrypted application in memory. In this article we'll focus on the executing application part.

The EXE

The this particular method it is absolutely required that the application (exe) be written in .NET (C#, VB, etc.). The reason being Reflection works only on .NET assemblies.

Also loading an application into memory gets complicated when there are dependencies. For our purposes, we will use a very simple C# application that would run without any dependencies.

Launcher

The first part of the launcher is to edit its Main method (usually found in Program.cs). Instead of running a Windows Form, change the body of the method to a single line that calls our executing function.

The full source code for the executing function is in the download, here let's go over the general steps to launch the C# assembly from memory.

Since the application will be loaded by the launcher, it is an internal resource of the launching application. Internal resources in .NET are named with the following notation: [Executing Assembly's Name].[Resource's Name]. So as you would expect, the first step is to get the launcher's name.

 

While we could write down the name during coding, it is better practice to find the name during runtime incase it was changed (in case of obfuscation for example).

Once we have the full resource name, you will need to use a Stream to dump the raw contents of the resources into a byte buffer. This is because .NET Reflection provides us with a function to load an Assembly from a byte buffer. (Assembly.Load() to be exact).

Finally the new loaded application can be executed with [assembly].EntryPoint.Invoke. If you wanted to pass any parameters to the internal exe that would be the place to do so.

Internal Resources

A very important step is adding the application that is going to be run from memory as an embedded resource. On any C# Project, go to the menu Project and click on Add Existing Resource... Now find the exe that will be loaded from memory.

Here is the important step, find the file you just added on the Solution Explorer. Right click and it and view its Properties. On the property called Build Action make sure its set to Embedded Resource. If it's not the executing function will fail because it won't find the exe as an internal resource.

Uses and Limitations

One use for launching an application from memory in C# is to prevent people from decompiling the application. A curious programmer would decompile the launcher and only get the launcher's source code. The memory application would remain hidden. Of course, if the memory application is encrypted, it can stop more advanced users from decompiling it.

However running applications in memory is far from secure. People with a slight bit of knowhow can dump programs from memory. Which means they can get their hands on the exe being launched from memory.

Finally, running .NET applications in memory gets tricky very fast. Only the simplest applications are more or less guaranteed to run as they normally would. Once dependencies and more advanced interactions are added, the technique described here to launch an exe from memory will no longer be effective. However it's a good start...

转载:http://www.vcskicks.com/exe-from-memory.php

posted on 2010-01-31 00:54  无痕客  阅读(961)  评论(0编辑  收藏  举报