I use this code to run the bytes of an exe file in memory.
// RunExe: takes a pointer to an in-memory PE image, starts a second, suspended
// instance of the current executable, copies the image's headers and sections
// into that process, sets the suspended thread's Eax to the image's entry point
// and resumes the thread.
//
// Returns true once ResumeThread has been called; returns false when the NT
// signature check, CreateProcessA, the CTX allocation, GetThreadContext or
// VirtualAllocEx fails.
//
// Reviewer notes (defensive reading):
// - The sequence CREATE_SUSPENDED -> VirtualAllocEx -> WriteProcessMemory ->
//   SetThreadContext -> ResumeThread is the pattern commonly called process
//   hollowing / RunPE (MITRE ATT&CK T1055.012). Endpoint security products
//   commonly flag it, in particular the PAGE_EXECUTE_READWRITE allocation in
//   another process and the cross-process writes that follow.
// - Image is passed without a length, so every offset and size taken from its
//   headers is used as-is; nothing bounds the local reads from the buffer.
// - PI and CTX are not declared in this function (presumably file-scope
//   variables - confirm against the rest of the file).
// - CTX->Ebx / CTX->Eax exist only in the x86 CONTEXT layout, so this is
//   32-bit-only code.
// - No path closes PI.hProcess / PI.hThread or releases CTX, and the failure
//   returns after CreateProcessA leave the suspended child process behind.
bool RunExe(void* Image)
{
Write_Output(L"Create file in Memory", L"BLUE");
Write_Output(L"Get header of file", L"BLUE");
// The buffer is interpreted as a PE file: DOS header first, NT headers at
// offset e_lfanew. e_magic is never checked and e_lfanew is not range-checked.
IMAGE_DOS_HEADER* DOSHeader = PIMAGE_DOS_HEADER(Image);
IMAGE_NT_HEADERS* NtHeader = PIMAGE_NT_HEADERS(ULONG_PTR(Image) + DOSHeader->e_lfanew);
Write_Output(L"Get current path", L"BLUE");
char CurrentFilePath[1024];
// Return value is not checked, so a failed or truncated path goes unnoticed.
GetModuleFileNameA(0, CurrentFilePath, 1024); // path to current executable
Write_Output(L"Current path is: " + CString(CurrentFilePath), L"BLUE");
Write_Output(L"Check Signature", L"BLUE");
if (NtHeader->Signature == IMAGE_NT_SIGNATURE) // Check if image is a PE File.
{
Write_Output(L"Signature is OK", L"GREEN");
// SI is zeroed, but SI.cb is never set to sizeof(SI).
STARTUPINFOA SI;
ZeroMemory(&SI, sizeof(SI));
ZeroMemory(&PI, sizeof(PI));
Write_Output(L"Create Proccess", L"BLUE");
// The application name is this program's own path, so the child is a second,
// suspended instance of the running executable.
if (CreateProcessA(CurrentFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
{
Write_Output(L"Proccess is created!", L"BLUE");
Write_Output(L"Go to virtual allocate", L"BLUE");
// NOTE(review): if CTX is a pointer, sizeof(CTX) is the pointer size, not
// sizeof(CONTEXT); VirtualAlloc rounds the request up to a whole page, which
// is presumably why this still holds a CONTEXT - confirm the declaration.
CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE));
// This return leaves the suspended child running and its handles open.
if (CTX == 0)
return false;
Write_Output(L"CTX is ok", L"BLUE");
CTX->ContextFlags = CONTEXT_FULL; // Context is allocated
Write_Output(L"Go to get thread", L"BLUE");
if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
{
Write_Output(L"Thread is got.", L"BLUE");
ULONG_PTR ImageBase; //Base address of the image
// Reads 4 bytes at Ebx+8 in the child. NOTE(review): on 32-bit Windows the
// initial thread's Ebx conventionally holds the PEB address and PEB+8 the
// image base - not shown here, confirm. The call's result is not checked and
// ImageBase is not read again in this function.
ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0);
Write_Output(L"Go to virtualEx allocate", L"BLUE");
// Requests SizeOfImage bytes at the image's preferred ImageBase inside the
// child, readable, writable and executable. Both the address and the size
// come straight from the supplied headers.
void* pImageBase = VirtualAllocEx(PI.hProcess,
LPVOID(NtHeader->OptionalHeader.ImageBase),
NtHeader->OptionalHeader.SizeOfImage,
MEM_RESERVE | MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
if (pImageBase == 0)
{
Write_Output(L"Error in VirtualAllocEx (image base is null)", L"BLUE");
return false;
}
Write_Output(L"Image base is ok", L"BLUE");
// prevProt is referenced only by the commented-out call below.
DWORD prevProt;
//bool res = VirtualProtectEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase), NtHeader->OptionalHeader.SizeOfImage, PAGE_READWRITE, &prevProt);
Write_Output(L"Go to write in memory", L"BLUE");
// Copies SizeOfHeaders bytes from the local buffer to the remote base; the
// return value is ignored.
WriteProcessMemory(PI.hProcess,
pImageBase,
Image,
NtHeader->OptionalHeader.SizeOfHeaders,
NULL);
Write_Output(L"Create section header", L"BLUE");
IMAGE_SECTION_HEADER* SectionHeader;
for (int count = 0; count < NtHeader->FileHeader.NumberOfSections; count++)
{
// 248 and 40 are hard-coded sizes matching sizeof(IMAGE_NT_HEADERS32) and
// sizeof(IMAGE_SECTION_HEADER), i.e. the 32-bit PE layout only.
SectionHeader = PIMAGE_SECTION_HEADER(ULONG_PTR(Image) + DOSHeader->e_lfanew + 248 + (count * 40));
// VirtualAddress, PointerToRawData and SizeOfRawData are taken from the
// section table without validation; the write's result is ignored.
WriteProcessMemory(PI.hProcess,
PVOID64(ULONG_PTR(pImageBase) + SectionHeader->VirtualAddress),
PVOID64(ULONG_PTR(Image) + SectionHeader->PointerToRawData),
SectionHeader->SizeOfRawData,
0);
}
Write_Output(L"Go to write in memory", L"BLUE");
// Overwrites the 4 bytes at Ebx+8 in the child with the image's ImageBase
// field (the same location read earlier).
WriteProcessMemory(PI.hProcess,
LPVOID(CTX->Ebx + 8),
LPVOID(&NtHeader->OptionalHeader.ImageBase),
4,
0);
// Eax in the saved context is set to the copied image's entry point. The
// results of SetThreadContext and ResumeThread are not checked, so true is
// returned even if either call fails.
CTX->Eax = ULONG_PTR(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread, LPCONTEXT(CTX));
Write_Output(L"Go to run in memory", L"BLUE");
ResumeThread(PI.hThread);
return true;
}
else
{
Write_Output(L"Error in get thread", L"RED");
return false;
}
}
else
{
Write_Output(L"Error in create proccess", L"RED");
return false;
}
}
// Reached only when the NT signature did not match.
Write_Output(L"Error in check signature", L"RED");
return false;
}
My function works correctly and I do not have any problems.
But when I try to run some exe files, my log prints this:
Create file in Memory
Get header of file
Get current path
Current path is: D:\Runner.exe
Check Signature
Signature is OK
Create Proccess
Proccess is created!
Go to virtual allocate
CTX is ok
Go to get thread
Thread is got.
Go to virtualEx allocate
Error in VirtualAllocEx (image base is null)
So I cannot run my exe, but other exe files like cal.exe or my own program run successfully.
Note: I always want to run 32-bit exes, so my exe is 32-bit only.
Why do I get null from the VirtualAllocEx function?
And I would like professional C++ programmers to tell me whether my code is OK.