Thread: Running QByteArray executable data directly in QProcess without running external file

  1. #1

    Hello,
    This is my second thread, totally different issue.

    I want to use QProcess to execute executable data stored in a QByteArray, taken from a hex.

    NOTE: when I use QFile to output the data into .exe, the exe will run perfectly.

    But I don't want to write it out, I only want to execute it internally in the program.

    If QProcess won't do it, please tell me what will do it.

    Thanks,
    Vladimir.

  2. #2

    Nothing in Qt I am aware of. You might be able to do something with low level Windows API calls, but you will most likely fall foul of data execution prevention. Why not just write the code to a QTemporaryFile?

  3. #3

    Ok, does QTemporaryFile use the QByteArray? I didn't find a way to use my hexadecimal data in it.

    If yes, can you please provide me with the solution you offer?

    Thank you.
    Vladimir.


    Added after 1 53 minutes:


    I can't use QTemporaryFile, because I don't want to make an EXTERNAL file at all, I want to process the code locally.
    Last edited by Vladimir_; 16th September 2014 at 02:15.

  4. #4

    In normal C++ I can use this:
    ((void (*) (void))buf)();

    while buf is an array of hexadecimals (0xaa, 0xbb ..etc)

    How can I do that in Qt!!

  5. #5

    Qt is "normal C++". If you need to "extract" raw char * data from QByteArray, use QByteArray::data() or QByteArray::constData() methods.

  6. #6

    Originally posted by Vladimir_:
    "Ok, does QTemporaryFile use the QByteArray?"
    Well, obviously, it inherits QFile, doesn't it?

    Cheers,
    _

  7. #7

    "If you need to "extract" raw char * data from QByteArray, use QByteArray::data() or QByteArray::constData() methods."
    If you see my previous post you'll know why I can't use QByteArray::data().

    The code I wrote is as follows:
    Qt Code:
        char buf[] = {
        "0x00", "0x11", "0x22" // incredibly LONG array that sometimes causes the crash of QtCreator
        };
        ((void (*) (void))buf)();

    but when I do it, the software I compile will crash at start.

    I tried it in Dev-C++ and everything goes alright. Maybe I need a SMALL array of a small program to try it. -I DIDN'T FIND IT-
    and I'm using static compiling, so at least 7MB for the program I create even if it was "hello world".

    Cheers,
    Vladimir.

  8. #8

    The operation is called: In-memory execution

    and I have included an ELF binary as an internal function.

    Now the issue is more in C++ than in Qt, so if anybody has C++ knowledge please don't hesitate to give me a hint about this.

  9. #9

    Interesting to note that if you Google "in-memory execution" many of the hits talk about how this is exploited in malware. Maybe you should explain why you want to know how to do this, and why some of the solutions proposed (like writing to a temporary file, then running that) won't work for you. It almost sounds like you want your program to be able to do something without anyone knowing that it is happening, and that is sort of suspicious, don't you think?

  10. #10

    Originally posted by Vladimir_:
    "In normal C++ I can use this:
    ((void (*) (void))buf)();

    while buf is an array of hexadecimals (0xaa, 0xbb ..etc)

    How can I do that in Qt!!"

    If the buf contains the binary of a Windows executable I expect that this would fail in any standard C++, although Windows does occasionally surprise. Buf would have to contain the binary of a lone C++ function accepting no parameters and returning no value. You might as well build that into your program rather than go this roundabout fashion.

    How about you tell us what you are trying to achieve with this rather than how you have decided to try to achieve it.

  11. #11

    Okay guys,
    I coded a malware (educational purpose) and I wanted to make a magic trick.
    I will bind some executables automatically with a program that varies from one to another in each executable injected.

    That file, which varies, has something static: the data to be downloaded as base64; after decoding it becomes hex, then a function that will return an array of something like 0x11, etc., then execute it in memory.
    Just the last step is missing.

    That's all I will do. This is my first time using Qt, so I hope you help for education's sake.

  12. #12

    I found out why: DEP (Data Execution Prevention)

    confirmed. aaaand bypassed.

  13. #13

    "aaaand bypassed."
    Good for you. And if your malware finds its way onto my computer, I'll do my best to help them put you in jail.
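
From the defender's side of this thread: the in-memory execution and DEP discussed above leave a visible trace, namely memory that is executable while also writable, or executable without any file on disk behind it. The following is an added example, not code from any poster; it parses a memory map in the Linux /proc/<pid>/maps text format (an assumption chosen so it runs on a constructed sample; on Windows the same information comes from VirtualQueryEx) and flags such regions.

```python
import re

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131090 /usr/bin/app
0060a000-0060b000 rw-p 0000a000 08:01 131090 /usr/bin/app
01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]
7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0
7f2a1c400000-7f2a1c5c0000 r-xp 00000000 08:01 394012 /lib/x86_64-linux-gnu/libc.so.6
7f2a1c9e0000-7f2a1c9e2000 r-xp 00000000 00:00 0
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
7ffd5a3f2000-7ffd5a3f4000 r-xp 00000000 00:00 0 [vdso]
"""

# start-end perms offset dev inode [path]
LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}  # kernel-provided executable pages, expected


def parse_maps(text):
    """Turn maps text into a list of region dicts; malformed lines are skipped."""
    regions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            start, end, perms, path = m.groups()
            regions.append({"start": int(start, 16), "end": int(end, 16),
                            "perms": perms, "path": path.strip()})
    return regions


def suspicious_regions(regions):
    """Flag executable regions that are writable or have no backing file."""
    findings = []
    for r in regions:
        if "x" not in r["perms"] or r["path"] in KERNEL_REGIONS:
            continue
        if "w" in r["perms"]:
            findings.append((r, "writable+executable"))
        elif not r["path"]:
            findings.append((r, "executable, no backing file"))
    return findings


def report(text):
    """One line per finding: address range, permissions, reason."""
    return [f"{r['start']:x}-{r['end']:x} {r['perms']} {why}"
            for r, why in suspicious_regions(parse_maps(text))]
```

JIT-compiling runtimes create such regions legitimately, so findings from this heuristic need an allowlist of known processes before they are treated as alerts.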
