/**//******************************************************* { ******************************************************* } { * 从内存中加载并运行exe * } { ******************************************************* } { * 参数: } { * Buffer: 内存中的exe地址 } { * Len: 内存中exe占用长度 }
{ * CmdParam: 命令行参数(不包含exe文件名的剩余命令行参数)} { * ProcessId: 返回的进程Id }
{ * 返回值: 如果成功则返回进程的Handle(ProcessHandle), } { 如果失败则返回INVALID_HANDLE_VALUE } { ******************************************************* } *******************************************************/
HANDLE MemExecute(void *ABuffer, long Len, char *CmdParam, unsigned long *ProcessId) {
HANDLE res = INVALID_HANDLE_VALUE; PIMAGE_NT_HEADERS peH;
PIMAGE_SECTION_HEADERS peSecH; void *Ptr;
unsigned long peSz;
if(AlignPEToMem(ABuffer, Len, peH, peSecH, Ptr, peSz)) {
res = AttachPE(CmdParam, peH, peSecH, Ptr, peSz, *ProcessId); VirtualFree(Ptr, peSz, MEM_DECOMMIT); }
return res; }
// 初始化
class CInit { public: CInit() {
MyVirtualAllocEx = (pfVirtualAllocEx)GetProcAddress(GetModuleHandle(\ } }Init;
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
HANDLE hFile = NULL;
hFile = ::CreateFile( \ , FILE_ALL_ACCESS , 0 , NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL , NULL );
if( hFile == INVALID_HANDLE_VALUE ) return -1;
::SetFilePointer( hFile, 0, NULL, FILE_BEGIN); DWORD dwFileSize = ::GetFileSize( hFile, NULL);
LPBYTE pBuf = new BYTE[dwFileSize];
memset( pBuf, 0, dwFileSize);
DWORD dwNumberOfBytesRead = 0; ::ReadFile( hFile , pBuf , dwFileSize
, &dwNumberOfBytesRead , NULL );
::CloseHandle(hFile);
unsigned long ulProcessId = 0;
MemExecute( pBuf, dwFileSize, \ delete[] pBuf; return 0; }