Hello,

Is it possible to copy a running exe file from RAM and then save it to the hard drive and reuse its functionalities?

Possible? Probably not.

This is just speculation from my understanding of how the Windows Loader works. You'd have to reconstruct an entirely new .EXE using the code and data you find in memory. An executable is loaded in various segments throughout memory and not all at once either. You will find that an .EXE can be partially loaded into memory without loading the entire thing to start it. The data you're looking at won't be complete so there's really not enough information in memory to rebuild the .EXE accurately.
 
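Added example, not part of the original answer: a Python sketch that reads the PE section table the Windows loader follows, to show how each section's offset and size in the file differ from its address and size in memory. The header bytes are a constructed sample, and the function names are assumptions chosen for illustration.

```python
import struct

def build_sample_headers():
    """Constructed sample: minimal PE32 headers with two sections (not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew at 0x3C points to 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222       # PE32 optional header, zeroed

    def sec(name, vsize, va, rsize, raw):
        # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, rest zero
        return struct.pack("<8sIIII16x", name, vsize, va, rsize, raw)

    return (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1A00, 0x1000, 0x1C00, 0x400)
            + sec(b".data", 0x3000, 0x3000, 0x200, 0x2000))

def parse_sections(data):
    """Return the section table as a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    keys = ("name", "vsize", "va", "rsize", "raw")
    out = []
    for i in range(nsec):
        row = dict(zip(keys, struct.unpack_from("<8sIIII", data, table + 40 * i)))
        row["name"] = row["name"].rstrip(b"\0").decode()
        out.append(row)
    return out

def rva_to_file_offset(sections, rva):
    """File offset backing an in-memory address, or None if no file bytes back it."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            delta = rva - s["va"]
            return s["raw"] + delta if delta < s["rsize"] else None
    return None

def memory_only_bytes(sections):
    """Bytes that exist in the loaded image but have no counterpart in the file."""
    return sum(max(0, s["vsize"] - s["rsize"]) for s in sections)

if __name__ == "__main__":
    for s in parse_sections(build_sample_headers()):
        print(f'{s["name"]:6} file@{s["raw"]:#x}+{s["rsize"]:#x}  mem@{s["va"]:#x}+{s["vsize"]:#x}')
```

In the sample, `.data` occupies 0x3000 bytes in memory but only 0x200 bytes in the file, so most of it exists only after loading.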
 
I'm just guessing that you want to bypass security systems on app startup, and this is a way to avoid them - certainly I can't think of any other reason for trying to save a "running exe" to disk and restore it.

And I'm glad to say that it won't work.
An application is not just the memory: the values in that memory are subject to context and additional information. For example, the Program Counter is not stored in memory while the app is running; it is located in a special register inside the core. And window handle values will not be the same from one run to the next, so the "memory dump" would not refer to the right controls.

Forget it: buy a legit version and stop trying to cheat the developer's company.
 
 
Comments
Zhivko Kabaivanov 11-Sep-15 7:35am    
It's not about hacking or cracking a software. It's for security purposes.
For example, I am running an exe from a flash drive, and on the machine there is something that copies the exe from it, or from the RAM when it's executing itself.
Kenneth Haugland 11-Sep-15 8:30am    
I have used some hacks like this before, cheating in a game I have bought. Yes, give me lots of gold :laugh:
I would copy the executable file instead.
If you are really interested in accessing running process memory, then have a look at the Debugging Functions.
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


