by Ion Alex Ionescu (9 Submissions)
Category: Windows API Call/Explanation
Compatability: Visual Basic 5.0
Difficulty: Advanced
Date Added: Wed 3rd February 2021
Rating: 
(37 Votes)
Updated 4/23/2003- Deletes itself from disk and unloads from memory, and then creates a new form from SCRATCH in the remote process, which shows up perfectly. Also shows how to send data to the remote process.
Descritpion: Hey everyone, I've spent over 5 days non-stop coding this piece of code. Basically, it allows you to run your EXE in the memory space of a running process. You could for example run test.exe in the memory of explorer.exe, and then include a module called "DeleteOriginal", which will be run as a thread inside explorer.exe. You could make it delete your original exe, as well as perform any additional tasks. This is called "Process Hijacking" and is an extremly advanced technique, performed till now only in C++ or ASM/Delphi. The original ASM/Delphi code is included, with credits to Aphex. Please please PLEASE do read the comments in the main bas file, they will explain how to get the code to compile properly. The problem for now is that it can only inject code into VB6 executables (you will need to compile a blank project). I am requesting VBC's help on this. Nevertheless, everything till that point works perfectly, and might help some of you. Everything is fully commented, and once again, please read the comments in the bas, they will explain how to get the app to compile.
Download Delete a file in use Run an EXE in another process' memory EXE Hijacking (59 KB)
No comments have been posted about Delete a file in use Run an EXE in another process' memory EXE Hijacking. Why not be the first to post a comment about Delete a file in use Run an EXE in another process' memory EXE Hijacking.
VBcoders