0

Hello fellow developers,

I'm trying to map an executable binary file on Windows and then to execute the mapped file.

So far, I managed the mapping using CreateFileMapping and MapViewOfFile. These functions gave me a HANDLE to the mapped file and a pointer to the mapped data but I have no clue how to execute the mapped binary. I think I should use the CreateProcess function but what should it be given as parameters ?

char *binaryPath = "C:/MyExecutable.exe";

// Get the binary size
std::fstream stream(binaryPath, std::ios::in | std::ios::binary);
stream.seekg(0, std::ios::end);
unsigned int size = stream.tellg();

// Create a mapped file in the paging file system
HANDLE mappedFile = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_EXECUTE_READ, 0, size, NULL);

// Put the executable data into the mapped file
void* mappedData = MapViewOfFile(mappedFile, FILE_MAP_READ | FILE_MAP_EXECUTE, 0, 0, size);

stream.read((char*)mapping, size);
stream.close();

// What should I do now ?
Jelly
  • 120
  • 1
  • 7
  • You can't do it (there are theoretically possible things that resembles your question but still aren't what you want). What's wrong with executing a file as such without mapping it, with e.g. `CreateProcess`? – Anton Kovalenko Feb 13 '13 at 14:14
  • I tried the approach described [here](http://www.rohitab.com/discuss/topic/31681-c-run-program-from-memory-and-not-file/) (forking on Windows) but never met success. What's wrong with the "from file only" execution ? Nothing but I find it's an interesting subject ^^ – Jelly Feb 13 '13 at 14:18
  • If the executable data is mapped, shouldn't it be considered as a regular file by Windows, hence executable "like a file" ? – Jelly Feb 13 '13 at 14:22
  • 1
    @Jelly: No. In order to actual run an executable in memory, there are various references that have to be resolved (DLL references, lookup tables, etc) before the executable will work correctly. You can't just load the image into memory and run it as-is. That is why the OS has an .exe loader to begin with. – Remy Lebeau Feb 13 '13 at 14:45
  • I agree with what has been said but I thought that a mapped **file** could be used as a regular file by the OS, albeit being stored in the RAM. What is the use of the `PAGE_EXECUTE_READ` and `SEC_IMAGE` options available for the `CreateFileMapping` function then ? – Jelly Feb 13 '13 at 15:41

1 Answers1

0

There is no native way to run a raw executable image that resides in memory. CreateProcess() is the official way to run an executable image, but the image must reside on the file system instead. The OS loads the image into memory and then patches it as needed (resolves DLL references, etc) so it will actually run correctly.

With that said, I have seen third-party code floating around that duplicates what the OS does when it loads an executable image into memory. But I've only ever seen that used with DLLs (so code does not have to use LoadLibrary/Ex() to use a DLL in memory), not with EXEs.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770