A C++ project for loading and executing Windows .exe binaries directly from memory using PE header parsing and in-memory relocation. This tool is ideal for experimentation with fileless binary execution and studying Windows PE internals.

• Load .exe binaries from a C++ array (no file on disk)
• Parse and handle PE headers
• Support for relocations and imports
• Executes the entry point of the loaded executable
• Works with GUI and console applications
• Cross-compilation support with MinGW (for Windows)

1. Use the Python script exe_to_array.py to convert your .exe file into a C++ unsigned char[].
2. The resulting array is saved to bindata.cpp as unsigned char exeBinary[].
3. In memdrop.cpp, the array is loaded and parsed as a PE image.
4. Sections and headers are copied into memory using VirtualAlloc.
5. The binary is relocated, imports resolved, and memory protection adjusted.
6. The executable is run directly from memory.

This tool is provided for educational purposes only. Do not use this in real environments without permission. Memory execution can be considered suspicious or malicious behavior by antivirus software.

MIT License. See LICENSE file for details.