Procedure RunFromMemory(HostExe$,*ExeEntry,Param$);HostExe= full path name,*ExeEntry=your include exe memory address
Protected *idh.IMAGE_DOS_HEADER=*ExeEntry,*ish.IMAGE_SECTION_HEADERS,pi.PROCESS_INFORMATION,*inh.IMAGE_NT_HEADERS
Protected si.STARTUPINFO,lpBaseAddress.l,Ctx.CONTEXT,Addr.l,ret.l,i.l
CreateProcess_(#Null,HostExe$+" "+Param$,#Null,#Null,#False,#CREATE_SUSPENDED,#Null,#Null,@si,@pi)
Ctx\ContextFlags=#CONTEXT_INTEGER
If GetThreadContext_(pi\hThread,Ctx)=0:Goto EndThread:EndIf
ReadProcessMemory_(pi\hProcess,Ctx\Ebx+8,@Addr,4,#Null)
If ZwUnmapViewOfSection_(pi\hProcess,Addr):Goto EndThread:EndIf
If *ExeEntry=0 :Goto EndThread:EndIf
*inh=*ExeEntry+*idh\e_lfanew
lpBaseAddress=VirtualAllocEx_(pi\hProcess,*inh\OptionalHeader\ImageBase,*inh\OptionalHeader\SizeOfImage,#MEM_COMMIT|#MEM_RESERVE,#PAGE_EXECUTE_READWRITE)
WriteProcessMemory_(pi\hProcess,lpBaseAddress,*ExeEntry,*inh\OptionalHeader\SizeOfHeaders,@ret)
*ish=*inh\OptionalHeader+*inh\FileHeader\SizeOfOptionalHeader
For i=0 To *inh\FileHeader\NumberOfSections-1
WriteProcessMemory_(pi\hProcess,lpBaseAddress+*ish\ish[i]\VirtualAddress,*ExeEntry+*ish\ish[i]\PointerToRawData,*ish\ish[i]\SizeofRawData,@ret)
Next
WriteProcessMemory_(pi\hProcess,Ctx\Ebx+8,@lpBaseAddress,4,#Null)
Ctx\Eax=lpBaseAddress+*inh\OptionalHeader\AddressOfEntryPoint
SetThreadContext_(pi\hThread,Ctx)
ResumeThread_(pi\hThread)
ProcedureReturn
Endthread:
TerminateProcess_(pi\hProcess,#Null)
CloseHandle_(pi\hThread)
CloseHandle_(pi\hProcess)
EndProcedure
RunFromMemory(ProgramFilename(),?ExeBin,"-o filename.txt")
DataSection
ExeBin:
IncludeBinary "app.exe"
EndDataSection
网友评论