我在C ++中有以下程序,它将EXE文件(PE)添加为资源并从内存中执行(不,不是恶意软件相关,我只是用于个人项目的GPL exe文件,所以没有违反许可证)但是当我从命令行编译cl /EHsc embed.cpp时,似乎没有将PE文件作为资源加载。完整的源代码如下:
embed.cpp
#include <windows.h>
#include <iostream>
#include "resource.h"
SECURITY_ATTRIBUTES secAttrib;
using namespace std;
void RunFromMemory(char*, char*);
int main(int argc, char* argv[])
{
HGLOBAL hResData;
HRSRC hResInfo;
void *pvRes;
DWORD dwSize;
char* lpMemory;
HMODULE hModule = GetModuleHandle(NULL);
if (((hResInfo = FindResource(hModule, MAKEINTRESOURCE(IDD_EXE1), RT_RCDATA)) != NULL)
&& ((hResData = LoadResource(hModule, hResInfo)) != NULL)
&& ((pvRes = LockResource(hResData)) != NULL))
{
dwSize = SizeofResource(hModule, hResInfo);
lpMemory = (char*)malloc (dwSize);
memset(lpMemory,0,dwSize);
memcpy (lpMemory, pvRes, dwSize);
RunFromMemory(lpMemory,argv[0]);
}
}
void RunFromMemory(char* pImage,char* pPath)
{
DWORD dwWritten = 0;
DWORD dwHeader = 0;
DWORD dwImageSize = 0;
DWORD dwSectionCount = 0;
DWORD dwSectionSize = 0;
DWORD firstSection = 0;
DWORD previousProtection = 0;
DWORD jmpSize = 0;
IMAGE_NT_HEADERS INH;
IMAGE_DOS_HEADER IDH;
IMAGE_SECTION_HEADER Sections[1000];
PROCESS_INFORMATION peProcessInformation;
STARTUPINFO peStartUpInformation;
CONTEXT pContext;
char* pMemory;
char* pFile;
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
dwImageSize = INH.OptionalHeader.SizeOfImage;
pMemory = (char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
pFile = pMemory;
dwHeader = INH.OptionalHeader.SizeOfHeaders;
firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);
memcpy(pFile,pImage,dwHeader);
if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = INH.OptionalHeader.SizeOfHeaders;
}
else
{
jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
{
jmpSize = 0;
dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);
if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
}
else
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
}
memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
memset(&pContext,0,sizeof(CONTEXT));
peStartUpInformation.cb = sizeof(peStartUpInformation);
if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
{
pContext.ContextFlags = CONTEXT_FULL;
GetThreadContext(peProcessInformation.hThread,&pContext);
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(peProcessInformation.hThread,&pContext);
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
ResumeThread(peProcessInformation.hThread);
}
free(pMemory);
}
app.rc
IDD_EXE1 RCDATA "mm.txt"
RESOURCE.H
#define IDD_EXE1 1004
mm.txt是我的EXE文件。
它编译好,但我看不到EXE作为资源添加。有什么想法我可能错了吗?
编辑:
根据Zevin Zenph Zambori的回答,“加载”exe作为HEX而不是资源,一切正常,我编译的控制台应用程序在最后等待用户输入(回车或smth ...)时挂起的唯一问题任何想法为什么不终止?这是代码:
// compile under VC with: cl /EHsc embed.cpp
#include <windows.h>
#include <iostream>
SECURITY_ATTRIBUTES secAttrib;
using namespace std;
void RunFromMemory(char*, char*);
char _image_[] = {
0x4D,0x5A, .... ,0x00,0x00 };
int main(int argc, char* argv[])
{
char current_file_path[1024];
GetModuleFileNameA(0, current_file_path, 1024); // Path to current executable.
RunFromMemory(_image_, current_file_path);
return 0;
}
void RunFromMemory(char* pImage,char* pPath)
{
DWORD dwWritten = 0;
DWORD dwHeader = 0;
DWORD dwImageSize = 0;
DWORD dwSectionCount = 0;
DWORD dwSectionSize = 0;
DWORD firstSection = 0;
DWORD previousProtection = 0;
DWORD jmpSize = 0;
IMAGE_NT_HEADERS INH;
IMAGE_DOS_HEADER IDH;
IMAGE_SECTION_HEADER Sections[1000];
PROCESS_INFORMATION peProcessInformation;
STARTUPINFO peStartUpInformation;
CONTEXT pContext;
char* pMemory;
char* pFile;
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
dwImageSize = INH.OptionalHeader.SizeOfImage;
pMemory = (char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
pFile = pMemory;
dwHeader = INH.OptionalHeader.SizeOfHeaders;
firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);
memcpy(pFile,pImage,dwHeader);
if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = INH.OptionalHeader.SizeOfHeaders;
}
else
{
jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
{
jmpSize = 0;
dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize);
if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
}
else
{
jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
jmpSize += 1;
jmpSize *= INH.OptionalHeader.SectionAlignment;
}
pFile = (char*)((DWORD)pFile + jmpSize);
}
memset(&peStartUpInformation,0,sizeof(STARTUPINFO));
memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION));
memset(&pContext,0,sizeof(CONTEXT));
peStartUpInformation.cb = sizeof(peStartUpInformation);
if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED,NULL,NULL,&peStartUpInformation,&peProcessInformation))
{
pContext.ContextFlags = CONTEXT_FULL;
GetThreadContext(peProcessInformation.hThread,&pContext);
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten);
WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten);
pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(peProcessInformation.hThread,&pContext);
VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0);
ResumeThread(peProcessInformation.hThread);
}
free(pMemory);
}
答案 0 :(得分:1)
我刚测试了你的RunFromMemory(),它对我来说很好。
我所做的是在编译过程中没有将PE文件作为资源加载。相反,我将PE转换为包含所有字节的HEX值的文本文件,声明具有HEX值的char数组,并使用当前PE路径和我声明的包含整个图像的char数组调用RunFromMemory()
也许你可以尝试一下。 :)
char _image_[pl_len] = {0x4d, 0x5a, ......}; // bytes of the PE file.
int main()
{
char current_file_path[1024];
GetModuleFileNameA(0, current_file_path, 1024); // Path to current executable.
RunFromMemory(_image_, current_file_path);
return 0;
}
答案 1 :(得分:0)
答案 2 :(得分:0)
如果软件有库表格,则按原样使用。如果它有LGPL,则不存在任何违规行为。您想要做什么(将EXE添加到您的文件并从内存中执行)比简单地加载DLL要困难得多(AFAIK不可能)。将EXE作为资源添加到您的文件中是您遇到的最少问题......