使用 CreateProcess 运行资源

【问题标题】:Run resource with CreateProcess使用 CreateProcess 运行资源
【发布时间】:2014-05-03 06:39:04
【问题描述】:

我有一个 PE exe 作为另一个 exe 的资源。 如果我提取并写入资源文件,它运行良好。 如果我尝试使用 CreateProcess 运行,则会出现错误(无法运行应用程序)

这是我的创建过程代码:

void BBStub::RunFromMemory(unsigned char* pImage, char* pPath)
{

  DWORD dwWritten = 0;
  DWORD dwHeader = 0;
  DWORD dwImageSize = 0;
  DWORD dwSectionCount = 0;
  DWORD dwSectionSize = 0;
  DWORD firstSection = 0;
  DWORD previousProtection = 0;
  DWORD jmpSize = 0;

  IMAGE_NT_HEADERS INH;
  IMAGE_DOS_HEADER IDH;
  IMAGE_SECTION_HEADER Sections[1000];

  PROCESS_INFORMATION peProcessInformation;
  STARTUPINFO peStartUpInformation;
  CONTEXT pContext;
  SECURITY_ATTRIBUTES secAttrib;

  char* pMemory;
  char* pFile;
  memcpy(&IDH, pImage, sizeof(IDH));
  memcpy(&INH, (void*)((DWORD)pImage + IDH.e_lfanew), sizeof(INH));

  dwImageSize = INH.OptionalHeader.SizeOfImage;
  pMemory = (char*)malloc(dwImageSize);
  memset(pMemory, 0, dwImageSize);
  pFile = pMemory;

  dwHeader = INH.OptionalHeader.SizeOfHeaders;
  firstSection = (DWORD)(((DWORD)pImage + IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
  memcpy(Sections, (char*)(firstSection), sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);

  memcpy(pFile, pImage, dwHeader);

  if ((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment) == 0)
  {
      jmpSize = INH.OptionalHeader.SizeOfHeaders;
  }
  else
  {
      jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment;
      jmpSize += 1;
      jmpSize *= INH.OptionalHeader.SectionAlignment;
  }

  pFile = (char*)((DWORD)pFile + jmpSize);

  for (dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++)
  {
      jmpSize = 0;
      dwSectionSize = Sections[dwSectionCount].SizeOfRawData;
      memcpy(pFile, (char*)(pImage + Sections[dwSectionCount].PointerToRawData), dwSectionSize);

      if ((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment) == 0)
      {
          jmpSize = Sections[dwSectionCount].Misc.VirtualSize;
      }
      else
      {
          jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment;
          jmpSize += 1;
          jmpSize *= INH.OptionalHeader.SectionAlignment;
      }
      pFile = (char*)((DWORD)pFile + jmpSize);
  }


  memset(&peStartUpInformation, 0, sizeof(STARTUPINFO));
  memset(&peProcessInformation, 0, sizeof(PROCESS_INFORMATION));
  memset(&pContext, 0, sizeof(CONTEXT));

  peStartUpInformation.cb = sizeof(peStartUpInformation);

  cout << peStartUpInformation.cb << endl;
  //      if (CreateProcess(NULL, pPath, &secAttrib, NULL, false, CREATE_SUSPENDED, NULL, NULL, &peStartUpInformation, &peProcessInformation))
  try
  {

      if (CreateProcess(NULL, pPath, NULL, NULL, false, CREATE_SUSPENDED, NULL, NULL, &peStartUpInformation, &peProcessInformation))
      {
          pContext.ContextFlags = CONTEXT_FULL;
          GetThreadContext(peProcessInformation.hThread, &pContext);
          VirtualProtectEx(peProcessInformation.hProcess, (void*)((DWORD)INH.OptionalHeader.ImageBase), dwImageSize, PAGE_EXECUTE_READWRITE, &previousProtection);
          WriteProcessMemory(peProcessInformation.hProcess, (void*)((DWORD)INH.OptionalHeader.ImageBase), pMemory, dwImageSize, &dwWritten);
          WriteProcessMemory(peProcessInformation.hProcess, (void*)((DWORD)pContext.Ebx + 8), &INH.OptionalHeader.ImageBase, 4, &dwWritten);
          pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint;
          SetThreadContext(peProcessInformation.hThread, &pContext);
          ResumeThread(peProcessInformation.hThread);
      }
      else {
          DWORD dw = GetLastError();
          cout << "Error" << endl;
          cout << dw << endl;
      }
  }
  catch (exception e)
  {
      cout << e.what();
  }
  free(pMemory);
}

有什么想法吗?

【问题讨论】:

  • 错误是什么?即 CreateProcess() 是否返回错误(哪个),或者什么也没发生,或者?
  • 应用程序无法正常启动(0xc000000c)
  • 只是为了测试,尝试添加对 GetStartupInfo(&peStartUpInformation); 的调用在您调用 CreateProcess() 之前。我记得我的 PROCESS_INFORMATION 结构初始化错误时有非常奇怪的行为(虽然乍一看你的看起来不错......)
  • 上述代码的哪一部分出现了错误?以及如何解决对其他库的引用?
  • 您不能使用CreateProcess“从内存”运行程序。 Create process 想要一个可执行文件的路径。

标签: c++ winapi createprocess


【解决方案1】:

这被称为 RunPE,您启动一​​个暂停的进程,然后将您的可执行文件映射到它的内存中,将 EIP 设置为入口点并恢复该进程。

执行此操作的最佳代码来自 hasherezade,可在她的github 上找到

【讨论】:

    猜你喜欢
    • 2016-06-21
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2010-11-14
    • 2020-01-17
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode