Hi everyone! As you must know (or not ), I'm helping Cody with the Office Toolkit, and now I'm facing this problem. Anyone knows how can I execute a non .NET exe from memory? I know this can be done with Reflection for .NET applications, but I haven't found a way to do this for the Keygen.exe from ZWT (the KMS emulator). Thanks in advance!
It seems like it was possible to launch an unmanaged executable directly from memory in Windows XP and older, due to "a security hole" which was fixed in Vista. So as far as I have understood it (please correct me if I'm wrong), we can no longer do it this way (since we would then bypass all security mechanisms in the OS). Even if it was possible, we would probably get kicked from behind by DEP. On the other hand, doing the same thing with DLLs IS possible even today (AutoIt example). You're essentially recreating LoadLibrary() to do what we want. Thinking of this, it has to be possible somehow to load executables, but it probably requires Massive use of Interop and complex undocumented APIs. I think you might find the unexpected meeting with a baseball bat considerably more comfortable. But theoretically speaking, maybe a RAM-drive would serve the same purpose? I don't know whether it's possible to "mount" a RAM-drive without a drive letter, and would this make the AV's shut up about the KMS? This might be worth looking into. (Is this how you did it Phazor?) I'll let you know if I get a revelation
Hi Thanks you "CODYQX4" for the code. Igot it to work but windows immediately closes the memory application. I have Windows 7 system. Can you please help me out for this. Regards
Yep, any valid PE console application can be injected with this code... If have an "Any CPU" compilation, the code will write a x64 tables in the memory, won't work...