C++:将 PE 文件添加为资源并从内存中执行
我有下面这个 C++ 程序,它把一个 EXE 文件(PE)作为资源添加进来并从内存中执行(不,这与恶意软件无关,我只是在个人项目中使用 GPL 许可的 exe 文件,因此不存在许可违规)。但是,当我在命令行用 cl /EHsc embed.cpp 编译时,PE 文件并没有作为资源被加载。完整的源代码如下所示:
embed.cpp
#include <windows.h>
#include <iostream>
#include "resource.h"
// Security attributes passed to CreateProcess (process attributes argument) in
// RunFromMemory. As a file-scope object it is zero-initialised; nothing in this
// listing sets nLength or any other field.
SECURITY_ATTRIBUTES secAttrib;
using namespace std;
// Defined after main. Takes the raw PE bytes and the path of the program to
// start; note that no length accompanies the byte pointer.
void RunFromMemory(char*, char*);
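// Entry point: locates the RT_RCDATA resource IDD_EXE1 inside this executable,
// copies its bytes to the heap and hands the copy, together with argv[0], to
// RunFromMemory.
//
// Returns 0 when the resource was found and passed on, 1 otherwise. The
// original fell through silently when any lookup step failed, which made a
// missing resource indistinguishable from a successful run.
int main(int argc, char* argv[])
{
    HMODULE hModule = GetModuleHandle(NULL);

    // FindResource only succeeds if a resource with this id and type was
    // actually linked into the executable being run.
    HRSRC hResInfo = FindResource(hModule, MAKEINTRESOURCE(IDD_EXE1), RT_RCDATA);
    if (hResInfo == NULL)
    {
        std::cerr << "FindResource failed, error " << GetLastError() << std::endl;
        return 1;
    }

    HGLOBAL hResData = LoadResource(hModule, hResInfo);
    if (hResData == NULL)
    {
        std::cerr << "LoadResource failed, error " << GetLastError() << std::endl;
        return 1;
    }

    void* pvRes = LockResource(hResData);
    if (pvRes == NULL)
    {
        std::cerr << "LockResource returned NULL" << std::endl;
        return 1;
    }

    DWORD dwSize = SizeofResource(hModule, hResInfo);
    if (dwSize == 0)
    {
        std::cerr << "SizeofResource failed, error " << GetLastError() << std::endl;
        return 1;
    }

    // The original wrote through the malloc result without checking it.
    char* lpMemory = (char*)malloc(dwSize);
    if (lpMemory == NULL)
    {
        std::cerr << "out of memory copying " << dwSize << " resource bytes" << std::endl;
        return 1;
    }

    // memcpy overwrites the whole buffer, so the earlier memset was redundant.
    memcpy(lpMemory, pvRes, dwSize);

    // NOTE(review): dwSize is not passed on, so RunFromMemory cannot check the
    // header fields it reads against the real length of the buffer.
    RunFromMemory(lpMemory, argv[0]);

    // RunFromMemory has returned, so nothing uses the copy any more.
    free(lpMemory);
    return 0;
}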
// Lays out the PE file held in pImage in a local buffer, starts the program
// named by pPath suspended, overwrites the child's memory at the image's
// ImageBase with that buffer, points the primary thread at the new entry point
// and resumes it.
//
// pImage  raw PE file bytes. No length is passed in, so none of the header
//         fields read below can be checked against the buffer's real size.
// pPath   passed to CreateProcess as the command line of the child.
//
// Returns nothing and reports no errors: every Win32 return value except
// CreateProcess's is ignored.
//
// NOTE(review): create-suspended + WriteProcessMemory + SetThreadContext +
// ResumeThread is the sequence catalogued as process hollowing (MITRE ATT&CK
// T1055.012); endpoint security tooling commonly alerts on it.
// NOTE(review): 32-bit x86 only - pointers are cast through DWORD and the
// code reads/writes CONTEXT.Eax and CONTEXT.Ebx.
void RunFromMemory(char* pImage,char* pPath)
{
DWORD dwWritten = 0;
DWORD dwHeader = 0;
DWORD dwImageSize = 0;
DWORD dwSectionCount = 0;
DWORD dwSectionSize = 0;
DWORD firstSection = 0;
DWORD previousProtection = 0;
DWORD jmpSize = 0;
IMAGE_NT_HEADERS INH;
IMAGE_DOS_HEADER IDH;
// Fixed-size stack copy of the section table (see the unchecked copy below).
IMAGE_SECTION_HEADER Sections[1000];
PROCESS_INFORMATION peProcessInformation;
STARTUPINFO peStartUpInformation;
CONTEXT pContext;
char* pMemory;
char* pFile;
// Copy the DOS header, then the NT headers found at offset e_lfanew.
// NOTE(review): neither header signature nor e_lfanew is validated.
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
// Zero-filled staging buffer of SizeOfImage bytes.
// NOTE(review): malloc's result is used without a NULL check.
dwImageSize = INH.OptionalHeader.SizeOfImage;
pMemory = (char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
// pFile is the write cursor into the staging buffer.
pFile = pMemory;
dwHeader = INH.OptionalHeader.SizeOfHeaders;
// The section table is taken to start right after IMAGE_NT_HEADERS.
// NOTE(review): NumberOfSections comes from the image and is not capped at
// the 1000 entries Sections can hold; a larger value overruns the stack array.
firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);
// Headers go first in the staging buffer.
// NOTE(review): SizeOfHeaders is not checked against dwImageSize.
memcpy(pFile,pImage,dwHeader);
// jmpSize = SizeOfHeaders rounded up to a multiple of SectionAlignment.
// NOTE(review): SectionAlignment == 0 divides by zero here.
if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = INH.OptionalHeader.SizeOfHeaders;
}
else
{
jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
// Append each section's raw bytes at the cursor, then advance the cursor by
// the section's VirtualSize rounded up to SectionAlignment. Sections are
// placed back to back in table order; the VirtualAddress field is never read.
// NOTE(review): SizeOfRawData and PointerToRawData are trusted as-is, so the
// copy can read past pImage or write past pMemory.
for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
{
jmpSize = 0;
dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);
if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
}
else
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
}
// Zero the Win32 structures and start pPath suspended. secAttrib is the
// file-scope SECURITY_ATTRIBUTES, passed as the process attributes.
memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
memset(&pContext,0,sizeof(CONTEXT));
peStartUpInformation.cb = sizeof(peStartUpInformation);
if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
{
// Snapshot the suspended primary thread's registers.
pContext.ContextFlags = CONTEXT_FULL;
GetThreadContext(peProcessInformation.hThread,&pContext);
// Change the protection of the child's pages at ImageBase and copy the staged
// image over them. Nothing is allocated or unmapped in the child and no
// relocations are applied - presumably this relies on the child's own image
// already occupying that address range; TODO confirm.
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
// Write the 4-byte ImageBase at Ebx+8 in the child. NOTE(review): this assumes
// Ebx of a new suspended 32-bit thread holds the PEB address and that offset 8
// is its image-base field - confirm.
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
// Eax is set to the new image's entry point before the context is written back.
pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(peProcessInformation.hThread,&pContext);
// Attempt to restore the earlier page protection. NOTE(review): the last
// argument (lpflOldProtect) is 0; VirtualProtectEx is documented to fail when
// it is NULL, which would leave the region PAGE_EXECUTE_READWRITE - verify.
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
ResumeThread(peProcessInformation.hThread);
// NOTE(review): hProcess and hThread are never closed, and the parent does not
// wait for the child before returning.
}
free(pMemory);
}
resource.h
// Numeric id of the embedded resource; embed.cpp looks it up with
// FindResource(..., MAKEINTRESOURCE(IDD_EXE1), RT_RCDATA).
#define IDD_EXE1 1004
mm.txt
是我的EXE文件
它可以正常编译,但我看不到 EXE 被作为资源添加进去。有人知道我哪里出错了吗?
编辑:
根据 Zevin Zenph Zambori 的回答,把 exe 以十六进制字节的形式“加载”而不是作为资源,一切正常。唯一的问题是,我编译出的控制台程序最后会挂起,等待用户输入(回车之类的……),你知道它为什么不终止吗?代码如下:
// compile under VC with: cl /EHsc embed.cpp
#include <windows.h>
#include <iostream>
// Security attributes passed to CreateProcess (process attributes argument) in
// RunFromMemory. As a file-scope object it is zero-initialised; nothing in this
// listing sets nLength or any other field.
SECURITY_ATTRIBUTES secAttrib;
using namespace std;
// Defined after main. Takes the raw PE bytes and the path of the program to
// start; note that no length accompanies the byte pointer.
void RunFromMemory(char*, char*);
// Bytes of the PE file, pasted in as an array literal. "...." stands for the
// elided bytes, so the listing does not compile exactly as shown.
// 0x4D,0x5A are the ASCII characters "MZ".
char _image_[] = {
0x4D,0x5A, .... ,0x00,0x00 };
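// Entry point: resolves this executable's own path and passes it, together
// with the embedded image bytes in _image_, to RunFromMemory.
//
// Returns 0 after RunFromMemory has been called, 1 if the path could not be
// obtained.
int main(int argc, char* argv[])
{
    char current_file_path[1024];
    const DWORD capacity = sizeof(current_file_path);

    // Path to current executable.
    const DWORD written = GetModuleFileNameA(NULL, current_file_path, capacity);

    // 0 means the call failed and the buffer is uninitialised; a result equal
    // to the buffer size means the path was truncated. The original passed the
    // buffer on in both cases.
    if (written == 0 || written >= capacity)
    {
        return 1;
    }

    RunFromMemory(_image_, current_file_path);
    return 0;
}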
// Lays out the PE file held in pImage in a local buffer, starts the program
// named by pPath suspended, overwrites the child's memory at the image's
// ImageBase with that buffer, points the primary thread at the new entry point
// and resumes it.
//
// pImage  raw PE file bytes. No length is passed in, so none of the header
//         fields read below can be checked against the buffer's real size.
// pPath   passed to CreateProcess as the command line of the child.
//
// Returns nothing and reports no errors: every Win32 return value except
// CreateProcess's is ignored.
//
// NOTE(review): create-suspended + WriteProcessMemory + SetThreadContext +
// ResumeThread is the sequence catalogued as process hollowing (MITRE ATT&CK
// T1055.012); endpoint security tooling commonly alerts on it.
// NOTE(review): 32-bit x86 only - pointers are cast through DWORD and the
// code reads/writes CONTEXT.Eax and CONTEXT.Ebx.
void RunFromMemory(char* pImage,char* pPath)
{
DWORD dwWritten = 0;
DWORD dwHeader = 0;
DWORD dwImageSize = 0;
DWORD dwSectionCount = 0;
DWORD dwSectionSize = 0;
DWORD firstSection = 0;
DWORD previousProtection = 0;
DWORD jmpSize = 0;
IMAGE_NT_HEADERS INH;
IMAGE_DOS_HEADER IDH;
// Fixed-size stack copy of the section table (see the unchecked copy below).
IMAGE_SECTION_HEADER Sections[1000];
PROCESS_INFORMATION peProcessInformation;
STARTUPINFO peStartUpInformation;
CONTEXT pContext;
char* pMemory;
char* pFile;
// Copy the DOS header, then the NT headers found at offset e_lfanew.
// NOTE(review): neither header signature nor e_lfanew is validated.
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
// Zero-filled staging buffer of SizeOfImage bytes.
// NOTE(review): malloc's result is used without a NULL check.
dwImageSize = INH.OptionalHeader.SizeOfImage;
pMemory = (char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
// pFile is the write cursor into the staging buffer.
pFile = pMemory;
dwHeader = INH.OptionalHeader.SizeOfHeaders;
// The section table is taken to start right after IMAGE_NT_HEADERS.
// NOTE(review): NumberOfSections comes from the image and is not capped at
// the 1000 entries Sections can hold; a larger value overruns the stack array.
firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);
// Headers go first in the staging buffer.
// NOTE(review): SizeOfHeaders is not checked against dwImageSize.
memcpy(pFile,pImage,dwHeader);
// jmpSize = SizeOfHeaders rounded up to a multiple of SectionAlignment.
// NOTE(review): SectionAlignment == 0 divides by zero here.
if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = INH.OptionalHeader.SizeOfHeaders;
}
else
{
jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
// Append each section's raw bytes at the cursor, then advance the cursor by
// the section's VirtualSize rounded up to SectionAlignment. Sections are
// placed back to back in table order; the VirtualAddress field is never read.
// NOTE(review): SizeOfRawData and PointerToRawData are trusted as-is, so the
// copy can read past pImage or write past pMemory.
for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
{
jmpSize = 0;
dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);
if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
}
else
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
}
// Zero the Win32 structures and start pPath suspended. secAttrib is the
// file-scope SECURITY_ATTRIBUTES, passed as the process attributes.
memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
memset(&pContext,0,sizeof(CONTEXT));
peStartUpInformation.cb = sizeof(peStartUpInformation);
if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
{
// Snapshot the suspended primary thread's registers.
pContext.ContextFlags = CONTEXT_FULL;
GetThreadContext(peProcessInformation.hThread,&pContext);
// Change the protection of the child's pages at ImageBase and copy the staged
// image over them. Nothing is allocated or unmapped in the child and no
// relocations are applied - presumably this relies on the child's own image
// already occupying that address range; TODO confirm.
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
// Write the 4-byte ImageBase at Ebx+8 in the child. NOTE(review): this assumes
// Ebx of a new suspended 32-bit thread holds the PEB address and that offset 8
// is its image-base field - confirm.
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
// Eax is set to the new image's entry point before the context is written back.
pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(peProcessInformation.hThread,&pContext);
// Attempt to restore the earlier page protection. NOTE(review): the last
// argument (lpflOldProtect) is 0; VirtualProtectEx is documented to fail when
// it is NULL, which would leave the region PAGE_EXECUTE_READWRITE - verify.
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
ResumeThread(peProcessInformation.hThread);
// NOTE(review): hProcess and hThread are never closed, and the parent does not
// wait for the child before returning.
}
free(pMemory);
}
//使用:cl/EHsc embed.cpp在VC下编译
#包括
#包括
安全属性secAttrib;
使用名称空间std;
void RunFromMemory(char*,char*);
字符u图像[]={
0x4D,0x5A,…,0x00,0x00};
int main(int argc,char*argv[])
{
字符当前_文件_路径[1024];
GetModuleFileNameA(0,当前文件路径,1024);//当前可执行文件的路径。
RunFromMemory(_映像,当前文件路径);
返回0;
}
void RunFromMemory(char*pImage,char*pPath)
{
DWORD DWWRITED=0;
DWORD dwHeader=0;
DWORD dwImageSize=0;
DWORD dwSectionCount=0;
DWORD dwSectionSize=0;
DWORD firstSection=0;
DWORD-previousProtection=0;
DWORD jmpSize=0;
图像标题INH;
图像_DOS_头IDH;
图像部分标题部分[1000];
过程信息;
STARTUPINFO peStartUpInformation;
语境;
char*pMemory;
char*pFile;
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
dwImageSize=INH.OptionalHeader.SizeOfImage;
pMemory=(char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
pFile=pMemory;
dwHeader=INH.OptionalHeader.SizeOfHeaders;
firstSection=(DWORD)((DWORD)pImage+IDH.e_lfanew)+sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE\u SECTION\u HEADER)*INH.FileHeader.NumberOfSections);
memcpy(pFile、pImage、dwHeader);
如果((在可选标题中的标题%INH.OptionalHeader.SizeOfHeaders%INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize=INH.OptionalHeader.SizeOfHeaders;
}
其他的
{
jmpSize=INH.OptionalHeader.SizeOfHeaders/INH.OptionalHeader.SectionAlignment;
jmpSize+=1;
jmpSize*=INH.OptionalHeader.SectionAlignment;
}
pFile=(char*)((DWORD)pFile+jmpSize);
对于(dwSectionCount=0;dwSectionCount
我尝试了这个,它正在工作
如果该软件提供库的形式,就直接以库的方式使用。如果它采用 LGPL 许可,那么不存在任何形式的违规。你想做的事情(把 EXE 添加到文件中并从内存中执行)比简单地加载 DLL 困难得多(几乎不可能);把 EXE 作为资源添加到你的文件中,反而是其中最简单的问题……
我刚刚测试了你的 RunFromMemory(),它在我这里运行正常。
在编译过程中,我没有将PE文件作为资源加载。相反,我将PE转换为包含所有字节的十六进制值的文本文件,用十六进制值声明一个字符数组,并用当前PE路径和我声明的包含整个图像的字符数组调用RunFromMemory()
也许你可以试试。:)
所以你想做的基本上是自己实现一个程序加载器?请记住,你必须正确处理 PE 文件中的所有节以及重定位,还要记得把实际代码所在的内存标记为可执行(我怀疑普通的用户空间程序做不到这一点)。
那么,这段代码完全错了?
@joachimpileborg 你可以在用户空间把一块内存标记为可执行
// compile under VC with: cl /EHsc embed.cpp
#include <windows.h>
#include <iostream>
// Security attributes passed to CreateProcess (process attributes argument) in
// RunFromMemory. As a file-scope object it is zero-initialised; nothing in this
// listing sets nLength or any other field.
SECURITY_ATTRIBUTES secAttrib;
using namespace std;
// Defined after main. Takes the raw PE bytes and the path of the program to
// start; note that no length accompanies the byte pointer.
void RunFromMemory(char*, char*);
// Bytes of the PE file, pasted in as an array literal. "...." stands for the
// elided bytes, so the listing does not compile exactly as shown.
// 0x4D,0x5A are the ASCII characters "MZ".
char _image_[] = {
0x4D,0x5A, .... ,0x00,0x00 };
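// Entry point: resolves this executable's own path and passes it, together
// with the embedded image bytes in _image_, to RunFromMemory.
//
// Returns 0 after RunFromMemory has been called, 1 if the path could not be
// obtained.
int main(int argc, char* argv[])
{
    char current_file_path[1024];
    const DWORD capacity = sizeof(current_file_path);

    // Path to current executable.
    const DWORD written = GetModuleFileNameA(NULL, current_file_path, capacity);

    // 0 means the call failed and the buffer is uninitialised; a result equal
    // to the buffer size means the path was truncated. The original passed the
    // buffer on in both cases.
    if (written == 0 || written >= capacity)
    {
        return 1;
    }

    RunFromMemory(_image_, current_file_path);
    return 0;
}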
// Lays out the PE file held in pImage in a local buffer, starts the program
// named by pPath suspended, overwrites the child's memory at the image's
// ImageBase with that buffer, points the primary thread at the new entry point
// and resumes it.
//
// pImage  raw PE file bytes. No length is passed in, so none of the header
//         fields read below can be checked against the buffer's real size.
// pPath   passed to CreateProcess as the command line of the child.
//
// Returns nothing and reports no errors: every Win32 return value except
// CreateProcess's is ignored.
//
// NOTE(review): create-suspended + WriteProcessMemory + SetThreadContext +
// ResumeThread is the sequence catalogued as process hollowing (MITRE ATT&CK
// T1055.012); endpoint security tooling commonly alerts on it.
// NOTE(review): 32-bit x86 only - pointers are cast through DWORD and the
// code reads/writes CONTEXT.Eax and CONTEXT.Ebx.
void RunFromMemory(char* pImage,char* pPath)
{
DWORD dwWritten = 0;
DWORD dwHeader = 0;
DWORD dwImageSize = 0;
DWORD dwSectionCount = 0;
DWORD dwSectionSize = 0;
DWORD firstSection = 0;
DWORD previousProtection = 0;
DWORD jmpSize = 0;
IMAGE_NT_HEADERS INH;
IMAGE_DOS_HEADER IDH;
// Fixed-size stack copy of the section table (see the unchecked copy below).
IMAGE_SECTION_HEADER Sections[1000];
PROCESS_INFORMATION peProcessInformation;
STARTUPINFO peStartUpInformation;
CONTEXT pContext;
char* pMemory;
char* pFile;
// Copy the DOS header, then the NT headers found at offset e_lfanew.
// NOTE(review): neither header signature nor e_lfanew is validated.
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
// Zero-filled staging buffer of SizeOfImage bytes.
// NOTE(review): malloc's result is used without a NULL check.
dwImageSize = INH.OptionalHeader.SizeOfImage;
pMemory = (char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
// pFile is the write cursor into the staging buffer.
pFile = pMemory;
dwHeader = INH.OptionalHeader.SizeOfHeaders;
// The section table is taken to start right after IMAGE_NT_HEADERS.
// NOTE(review): NumberOfSections comes from the image and is not capped at
// the 1000 entries Sections can hold; a larger value overruns the stack array.
firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);
// Headers go first in the staging buffer.
// NOTE(review): SizeOfHeaders is not checked against dwImageSize.
memcpy(pFile,pImage,dwHeader);
// jmpSize = SizeOfHeaders rounded up to a multiple of SectionAlignment.
// NOTE(review): SectionAlignment == 0 divides by zero here.
if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = INH.OptionalHeader.SizeOfHeaders;
}
else
{
jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
// Append each section's raw bytes at the cursor, then advance the cursor by
// the section's VirtualSize rounded up to SectionAlignment. Sections are
// placed back to back in table order; the VirtualAddress field is never read.
// NOTE(review): SizeOfRawData and PointerToRawData are trusted as-is, so the
// copy can read past pImage or write past pMemory.
for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
{
jmpSize = 0;
dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);
if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
}
else
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
}
// Zero the Win32 structures and start pPath suspended. secAttrib is the
// file-scope SECURITY_ATTRIBUTES, passed as the process attributes.
memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
memset(&pContext,0,sizeof(CONTEXT));
peStartUpInformation.cb = sizeof(peStartUpInformation);
if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
{
// Snapshot the suspended primary thread's registers.
pContext.ContextFlags = CONTEXT_FULL;
GetThreadContext(peProcessInformation.hThread,&pContext);
// Change the protection of the child's pages at ImageBase and copy the staged
// image over them. Nothing is allocated or unmapped in the child and no
// relocations are applied - presumably this relies on the child's own image
// already occupying that address range; TODO confirm.
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
// Write the 4-byte ImageBase at Ebx+8 in the child. NOTE(review): this assumes
// Ebx of a new suspended 32-bit thread holds the PEB address and that offset 8
// is its image-base field - confirm.
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
// Eax is set to the new image's entry point before the context is written back.
pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(peProcessInformation.hThread,&pContext);
// Attempt to restore the earlier page protection. NOTE(review): the last
// argument (lpflOldProtect) is 0; VirtualProtectEx is documented to fail when
// it is NULL, which would leave the region PAGE_EXECUTE_READWRITE - verify.
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
ResumeThread(peProcessInformation.hThread);
// NOTE(review): hProcess and hThread are never closed, and the parent does not
// wait for the child before returning.
}
free(pMemory);
}
// Embedded PE file as a byte array. pl_len is not defined anywhere in this
// listing and "......" stands for the elided bytes, so the line does not
// compile exactly as shown.
char _image_[pl_len] = {0x4d, 0x5a, ......}; // bytes of the PE file.
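// Entry point: resolves this executable's own path and passes it, together
// with the embedded image bytes in _image_, to RunFromMemory.
//
// Returns 0 after RunFromMemory has been called, 1 if the path could not be
// obtained.
int main()
{
    char current_file_path[1024];
    const DWORD capacity = sizeof(current_file_path);

    // Path to current executable.
    const DWORD written = GetModuleFileNameA(NULL, current_file_path, capacity);

    // 0 means the call failed and the buffer is uninitialised; a result equal
    // to the buffer size means the path was truncated. The original passed the
    // buffer on in both cases.
    if (written == 0 || written >= capacity)
    {
        return 1;
    }

    RunFromMemory(_image_, current_file_path);
    return 0;
}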