Warning: file_get_contents(/data/phpspider/zhask/data//catemap/6/cplusplus/133.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C++;将PE文件添加为资源并从内存中执行 我在C++中有以下程序,将一个EXE文件(PE)添加为资源并从内存执行它(不,不是恶意软件相关的,我只是用于个人项目GPL exe文件,所以没有许可违例),但是当从命令行编译为“代码> Cl/EHSC嵌入.CPP < /代码>时,PE文件没有被加载为资源。完整的源代码如下所示:_C++_Visual C++ - Fatal编程技术网
Fatal编程技术网
  • cplusplus/
  • C++;将PE文件添加为资源并从内存中执行 我在C++中有以下程序,将一个EXE文件(PE)添加为资源并从内存执行它(不,不是恶意软件相关的,我只是用于个人项目GPL exe文件,所以没有许可违例),但是当从命令行编译为“代码> Cl/EHSC嵌入.CPP < /代码>时,PE文件没有被加载为资源。完整的源代码如下所示:

C++;将PE文件添加为资源并从内存中执行 我在C++中有以下程序,将一个EXE文件(PE)添加为资源并从内存执行它(不,不是恶意软件相关的,我只是用于个人项目GPL exe文件,所以没有许可违例),但是当从命令行编译为“代码> Cl/EHSC嵌入.CPP < /代码>时,PE文件没有被加载为资源。完整的源代码如下所示:

c++ visual-c++

C++;将PE文件添加为资源并从内存中执行 我在C++中有以下程序,将一个EXE文件(PE)添加为资源并从内存执行它(不,不是恶意软件相关的,我只是用于个人项目GPL exe文件,所以没有许可违例),但是当从命令行编译为“代码> Cl/EHSC嵌入.CPP < /代码>时,PE文件没有被加载为资源。完整的源代码如下所示:,c++,visual-c++,C++,Visual C++,embed.cpp #include <windows.h> #include <iostream> #include "resource.h" SECURITY_ATTRIBUTES secAttrib; using namespace std; void RunFromMemory(char*, char*); int main(int argc, char* argv[]) { HGLOBAL hResData; HRSRC hResInfo; void

embed.cpp

#include <windows.h>
#include <iostream>
#include "resource.h"

SECURITY_ATTRIBUTES secAttrib;

using namespace std;
void RunFromMemory(char*, char*);

int main(int argc, char* argv[])
{
HGLOBAL hResData;
HRSRC   hResInfo;
void    *pvRes;
DWORD dwSize;
char* lpMemory;
HMODULE hModule = GetModuleHandle(NULL);

if (((hResInfo = FindResource(hModule, MAKEINTRESOURCE(IDD_EXE1), RT_RCDATA)) != NULL)
    && ((hResData = LoadResource(hModule, hResInfo)) != NULL) 
    && ((pvRes = LockResource(hResData)) != NULL))
{
    dwSize = SizeofResource(hModule, hResInfo);
    lpMemory = (char*)malloc (dwSize);
    memset(lpMemory,0,dwSize);
    memcpy (lpMemory, pvRes, dwSize);
    RunFromMemory(lpMemory,argv[0]);    
}
}

void RunFromMemory(char* pImage,char* pPath)
{
    DWORD dwWritten = 0;
    DWORD dwHeader = 0; 
    DWORD dwImageSize = 0;
    DWORD dwSectionCount = 0;
    DWORD dwSectionSize = 0;
    DWORD firstSection = 0;
    DWORD previousProtection = 0;
    DWORD jmpSize = 0;

    IMAGE_NT_HEADERS INH;
    IMAGE_DOS_HEADER IDH;
    IMAGE_SECTION_HEADER Sections[1000];

    PROCESS_INFORMATION peProcessInformation;
    STARTUPINFO peStartUpInformation;
    CONTEXT pContext;

    char* pMemory;
    char* pFile;
    memcpy(&IDH,pImage,sizeof(IDH));
    memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));

    dwImageSize = INH.OptionalHeader.SizeOfImage;
    pMemory = (char*)malloc(dwImageSize);
    memset(pMemory,0,dwImageSize);
    pFile = pMemory;

    dwHeader = INH.OptionalHeader.SizeOfHeaders;
    firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
    memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);

    memcpy(pFile,pImage,dwHeader);

    if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders;
    }
    else
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
        jmpSize += 1;
        jmpSize *= INH.OptionalHeader.SectionAlignment;
    }

    pFile = (char*)((DWORD)pFile + jmpSize);

    for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
    {
        jmpSize = 0;
        dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
        memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);

        if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
        }
        else
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
            jmpSize += 1;
            jmpSize *= INH.OptionalHeader.SectionAlignment;
        }
        pFile = (char*)((DWORD)pFile + jmpSize);
    }


    memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
    memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
    memset(&pContext,0,sizeof(CONTEXT));

    peStartUpInformation.cb = sizeof(peStartUpInformation);
    if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
    {
        pContext.ContextFlags = CONTEXT_FULL;
        GetThreadContext(peProcessInformation.hThread,&pContext);
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
        pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
        SetThreadContext(peProcessInformation.hThread,&pContext);
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
        ResumeThread(peProcessInformation.hThread);
    }
    free(pMemory);
}
资源.h

#define IDD_EXE1                      1004

mm.txt
是我的EXE文件

它编译正常,但我看不到作为资源添加的EXE。有没有想过我会错在哪里

编辑:

根据Zevin Zenph Zambori的回答,“加载”exe为十六进制,而不是资源,一切正常,唯一的问题是我编译的控制台应用程序挂在最后等待用户输入(回车或smth…),你知道为什么不终止吗?代码如下:

// compile under VC with: cl /EHsc embed.cpp
#include <windows.h>
#include <iostream>

SECURITY_ATTRIBUTES secAttrib;

using namespace std;
void RunFromMemory(char*, char*);

char _image_[] = {
0x4D,0x5A, .... ,0x00,0x00 };

int main(int argc, char* argv[])
{
    char current_file_path[1024];
    GetModuleFileNameA(0, current_file_path, 1024); // Path to current executable.
    RunFromMemory(_image_, current_file_path);
    return 0;
}

void RunFromMemory(char* pImage,char* pPath)
{
    DWORD dwWritten = 0;
    DWORD dwHeader = 0; 
    DWORD dwImageSize = 0;
    DWORD dwSectionCount = 0;
    DWORD dwSectionSize = 0;
    DWORD firstSection = 0;
    DWORD previousProtection = 0;
    DWORD jmpSize = 0;

    IMAGE_NT_HEADERS INH;
    IMAGE_DOS_HEADER IDH;
    IMAGE_SECTION_HEADER Sections[1000];

    PROCESS_INFORMATION peProcessInformation;
    STARTUPINFO peStartUpInformation;
    CONTEXT pContext;

    char* pMemory;
    char* pFile;
    memcpy(&IDH,pImage,sizeof(IDH));
    memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));

    dwImageSize = INH.OptionalHeader.SizeOfImage;
    pMemory = (char*)malloc(dwImageSize);
    memset(pMemory,0,dwImageSize);
    pFile = pMemory;

    dwHeader = INH.OptionalHeader.SizeOfHeaders;
    firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
    memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);

    memcpy(pFile,pImage,dwHeader);

    if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders;
    }
    else
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
        jmpSize += 1;
        jmpSize *= INH.OptionalHeader.SectionAlignment;
    }

    pFile = (char*)((DWORD)pFile + jmpSize);

    for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
    {
        jmpSize = 0;
        dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
        memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);

        if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
        }
        else
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
            jmpSize += 1;
            jmpSize *= INH.OptionalHeader.SectionAlignment;
        }
        pFile = (char*)((DWORD)pFile + jmpSize);
    }


    memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
    memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
    memset(&pContext,0,sizeof(CONTEXT));

    peStartUpInformation.cb = sizeof(peStartUpInformation);
    if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
    {
        pContext.ContextFlags = CONTEXT_FULL;
        GetThreadContext(peProcessInformation.hThread,&pContext);
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
        pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
        SetThreadContext(peProcessInformation.hThread,&pContext);
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
        ResumeThread(peProcessInformation.hThread);
    }
    free(pMemory);
}

//使用:cl/EHsc embed.cpp在VC下编译
#包括
#包括
安全属性secAttrib;
使用名称空间std;
void RunFromMemory(char*,char*);
字符u图像[]={
0x4D,0x5A,…,0x00,0x00};
int main(int argc,char*argv[])
{
字符当前_文件_路径[1024];
GetModuleFileNameA(0,当前文件路径,1024);//当前可执行文件的路径。
RunFromMemory(_映像,当前文件路径);
返回0;
}
void RunFromMemory(char*pImage,char*pPath)
{
DWORD DWWRITED=0;
DWORD dwHeader=0;
DWORD dwImageSize=0;
DWORD dwSectionCount=0;
DWORD dwSectionSize=0;
DWORD firstSection=0;
DWORD-previousProtection=0;
DWORD jmpSize=0;
图像标题INH;
图像_DOS_头IDH;
图像部分标题部分[1000];
过程信息;
STARTUPINFO peStartUpInformation;
语境;
char*pMemory;
char*pFile;
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
dwImageSize=INH.OptionalHeader.SizeOfImage;
pMemory=(char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
pFile=pMemory;
dwHeader=INH.OptionalHeader.SizeOfHeaders;
firstSection=(DWORD)((DWORD)pImage+IDH.e_lfanew)+sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE\u SECTION\u HEADER)*INH.FileHeader.NumberOfSections);
memcpy(pFile、pImage、dwHeader);
如果((在可选标题中的标题%INH.OptionalHeader.SizeOfHeaders%INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize=INH.OptionalHeader.SizeOfHeaders;
}
其他的
{
jmpSize=INH.OptionalHeader.SizeOfHeaders/INH.OptionalHeader.SectionAlignment;
jmpSize+=1;
jmpSize*=INH.OptionalHeader.SectionAlignment;
}
pFile=(char*)((DWORD)pFile+jmpSize);
对于(dwSectionCount=0;dwSectionCount
我尝试了这个,它正在工作

如果软件有库表单,则按原样使用。如果它有LGPL,那么就没有任何形式的违反。您想要做的事情(向文件中添加EXE并从内存中执行)比简单地加载DLL要困难得多(几乎不可能)。将EXE作为资源添加到您的文件中是您最简单的问题…

我刚刚测试了您的
RunFromMemory()
,它对我来说很好

在编译过程中,我没有将PE文件作为资源加载。相反,我将PE转换为包含所有字节的十六进制值的文本文件,用十六进制值声明一个字符数组,并用当前PE路径和我声明的包含整个图像的字符数组调用
RunFromMemory()

也许你可以试试。:)

所以你想做的基本上是你自己版本的程序加载器?请记住,您必须正确处理PE文件中的所有段,以及重新定位,还请记住将实际代码所在的内存标记为可执行的(我怀疑这不能从正常的用户空间程序中完成)。因此,代码完全错了?@joachimpileborg您可以将一块内存标记为可从用户sp执行 
// compile under VC with: cl /EHsc embed.cpp
#include <windows.h>
#include <iostream>

SECURITY_ATTRIBUTES secAttrib;

using namespace std;
void RunFromMemory(char*, char*);

char _image_[] = {
0x4D,0x5A, .... ,0x00,0x00 };

int main(int argc, char* argv[])
{
    char current_file_path[1024];
    GetModuleFileNameA(0, current_file_path, 1024); // Path to current executable.
    RunFromMemory(_image_, current_file_path);
    return 0;
}

void RunFromMemory(char* pImage,char* pPath)
{
    DWORD dwWritten = 0;
    DWORD dwHeader = 0; 
    DWORD dwImageSize = 0;
    DWORD dwSectionCount = 0;
    DWORD dwSectionSize = 0;
    DWORD firstSection = 0;
    DWORD previousProtection = 0;
    DWORD jmpSize = 0;

    IMAGE_NT_HEADERS INH;
    IMAGE_DOS_HEADER IDH;
    IMAGE_SECTION_HEADER Sections[1000];

    PROCESS_INFORMATION peProcessInformation;
    STARTUPINFO peStartUpInformation;
    CONTEXT pContext;

    char* pMemory;
    char* pFile;
    memcpy(&IDH,pImage,sizeof(IDH));
    memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));

    dwImageSize = INH.OptionalHeader.SizeOfImage;
    pMemory = (char*)malloc(dwImageSize);
    memset(pMemory,0,dwImageSize);
    pFile = pMemory;

    dwHeader = INH.OptionalHeader.SizeOfHeaders;
    firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
    memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);

    memcpy(pFile,pImage,dwHeader);

    if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders;
    }
    else
    {
        jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
        jmpSize += 1;
        jmpSize *= INH.OptionalHeader.SectionAlignment;
    }

    pFile = (char*)((DWORD)pFile + jmpSize);

    for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
    {
        jmpSize = 0;
        dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
        memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);

        if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
        }
        else
        {
            jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
            jmpSize += 1;
            jmpSize *= INH.OptionalHeader.SectionAlignment;
        }
        pFile = (char*)((DWORD)pFile + jmpSize);
    }


    memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
    memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
    memset(&pContext,0,sizeof(CONTEXT));

    peStartUpInformation.cb = sizeof(peStartUpInformation);
    if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
    {
        pContext.ContextFlags = CONTEXT_FULL;
        GetThreadContext(peProcessInformation.hThread,&pContext);
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
        WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
        pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
        SetThreadContext(peProcessInformation.hThread,&pContext);
        VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
        ResumeThread(peProcessInformation.hThread);
    }
    free(pMemory);
}

char _image_[pl_len] = {0x4d, 0x5a, ......}; // bytes of the PE file.

int main()
{
    char current_file_path[1024];
    GetModuleFileNameA(0, current_file_path, 1024); // Path to current executable.
    RunFromMemory(_image_, current_file_path);
    return 0;
}