c++ - CreateProcess() From Memory Buffer Doesn't Work On Windows 7 -
I have been searching for a while for a way to read an exe into memory and execute it directly from memory. I came across an answer that was useful: CreateProcess from a memory buffer.
Fortunately I found code implementing the mentioned idea. After some tweaking I got it to work.
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>

/*
 * NOTE(review): this listing has been case-folded by the page scrape. Win32
 * names (DWORD, CreateProcess, IMAGE_NT_HEADERS, ...) appear in lowercase,
 * so the text does not compile as shown; it is read here as the author's
 * intent.
 *
 * What the visible code does: it lays out a PE image from a caller-supplied
 * buffer (headers, then each section padded to sectionalignment), starts
 * ppath suspended, overwrites the new process's memory at the buffer image's
 * preferred base with that layout, patches 4 bytes at ebx+8 and the thread's
 * eax, and resumes the thread. This CREATE_SUSPENDED -> WriteProcessMemory ->
 * SetThreadContext -> ResumeThread sequence is the canonical "process
 * hollowing" pattern that endpoint protection products alert on; the answer
 * below is right that it is not a supported way to launch a program.
 *
 * pimage: raw PE file bytes. No length is passed, so nothing here bounds
 *         any read against the buffer size.
 * ppath:  path of the executable used as the suspended host process.
 * Returns nothing; failures are not reported to the caller.
 */
void runfrommemory(unsigned char* pimage,char* ppath)
{
    dword dwwritten = 0;
    dword dwheader = 0;
    dword dwimagesize = 0;
    dword dwsectioncount = 0;
    dword dwsectionsize = 0;
    dword firstsection = 0;
    dword previousprotection = 0;
    dword jmpsize = 0;
    image_nt_headers inh;
    image_dos_header idh;
    /* fixed capacity: the memcpy below copies numberofsections entries
       without checking against 1000, so a header claiming more overflows
       this stack array */
    image_section_header sections[1000];
    process_information peprocessinformation;
    startupinfo pestartupinformation;
    context pcontext;
    security_attributes secattrib;   /* declared but never used */
    char* pmemory;
    char* pfile;

    /* header offsets (e_lfanew) come from the buffer itself; a truncated or
       malformed file makes these reads run past pimage */
    memcpy(&idh,pimage,sizeof(idh));
    memcpy(&inh,(void*)((dword)pimage+idh.e_lfanew),sizeof(inh));
    dwimagesize = inh.optionalheader.sizeofimage;
    pmemory = (char*)malloc(dwimagesize);   /* result not checked before memset */
    memset(pmemory,0,dwimagesize);
    pfile = pmemory;
    dwheader = inh.optionalheader.sizeofheaders;
    /* (dword) casts of pointers only hold for a 32-bit build */
    firstsection = (dword)(((dword)pimage+idh.e_lfanew) + sizeof(image_nt_headers));
    memcpy(sections,(char*)(firstsection),sizeof(image_section_header)*inh.fileheader.numberofsections);
    memcpy(pfile,pimage,dwheader);
    /* round the header size up to a multiple of sectionalignment */
    if((inh.optionalheader.sizeofheaders % inh.optionalheader.sectionalignment)==0) {
        jmpsize = inh.optionalheader.sizeofheaders;
    } else {
        jmpsize = inh.optionalheader.sizeofheaders / inh.optionalheader.sectionalignment;
        jmpsize += 1;
        jmpsize *= inh.optionalheader.sectionalignment;
    }
    pfile = (char*)((dword)pfile + jmpsize);
    /* copy each section's raw data, then advance by its aligned virtualsize.
       sizeofrawdata and pointertorawdata are trusted as-is: nothing checks
       them against the input buffer, and nothing checks that the copy stays
       inside the dwimagesize allocation (a sizeofrawdata larger than the
       aligned virtualsize writes into the next slot or past the buffer) */
    for(dwsectioncount = 0; dwsectioncount < inh.fileheader.numberofsections; dwsectioncount++) {
        jmpsize = 0;
        dwsectionsize = sections[dwsectioncount].sizeofrawdata;
        memcpy(pfile,(char*)(pimage + sections[dwsectioncount].pointertorawdata),dwsectionsize);
        if((sections[dwsectioncount].misc.virtualsize % inh.optionalheader.sectionalignment)==0) {
            jmpsize = sections[dwsectioncount].misc.virtualsize;
        } else {
            jmpsize = sections[dwsectioncount].misc.virtualsize / inh.optionalheader.sectionalignment;
            jmpsize += 1;
            jmpsize *= inh.optionalheader.sectionalignment;
        }
        pfile = (char*)((dword)pfile + jmpsize);
    }

    memset(&pestartupinformation,0,sizeof(startupinfo));
    memset(&peprocessinformation,0,sizeof(process_information));
    memset(&pcontext,0,sizeof(context));
    pestartupinformation.cb = sizeof(pestartupinformation);
    /* the host process is created suspended so its memory and main thread
       can be rewritten before it ever runs */
    if(createprocess(null,ppath,null,null,false,create_suspended, null,null,&pestartupinformation,&peprocessinformation)) {
        pcontext.contextflags = context_full;
        getthreadcontext(peprocessinformation.hthread,&pcontext);
        /* every call below returns a status that is ignored. The code assumes
           the host has something mapped at the buffer image's preferred
           imagebase and never checks it, so a failure at any step is
           invisible here */
        virtualprotectex(peprocessinformation.hprocess,(void*)((dword)inh.optionalheader.imagebase),dwimagesize,page_execute_readwrite,&previousprotection);
        writeprocessmemory(peprocessinformation.hprocess,(void*)((dword)inh.optionalheader.imagebase),pmemory,dwimagesize,&dwwritten);
        /* 4-byte write at ebx+8: hard-codes a 32-bit target layout; nothing
           verifies the target's architecture */
        writeprocessmemory(peprocessinformation.hprocess,(void*)((dword)pcontext.ebx + 8),&inh.optionalheader.imagebase,4,&dwwritten);
        /* point the main thread at the buffer image's entry point */
        pcontext.eax = inh.optionalheader.imagebase + inh.optionalheader.addressofentrypoint;
        setthreadcontext(peprocessinformation.hthread,&pcontext);
        virtualprotectex(peprocessinformation.hprocess,(void*)((dword)inh.optionalheader.imagebase),dwimagesize,previousprotection,0);
        resumethread(peprocessinformation.hthread);
        /* hprocess and hthread handles are never closed */
    } else {
        // debugging: the error code is stored in locals and never reported
        dword er = getlasterror();
        dword x = er;
    }
    free(pmemory);
}

/*
 * Reads c:\prog.exe into a heap buffer and hands it to runfrommemory, using
 * the same path as the suspended host process. fopen, fseek, ftell, malloc
 * and fread results are not checked (a missing file dereferences a null
 * FILE*), and lpmemory is never freed. Despite the banner comment, no
 * encryption happens here.
 */
int main()
{
    //*********** open file encrypt ************
    char exe_path[] = "c:\\prog.exe";
    file *infile = fopen(exe_path, "rb");
    fseek(infile , 0 , seek_end);
    unsigned long dwsize = ftell(infile);
    rewind(infile);
    unsigned char *lpmemory = (unsigned char*) malloc (sizeof(unsigned char)*dwsize);
    fread(lpmemory,1,dwsize,infile);
    fclose (infile);
    //**********************************************
    //********* execute ***********
    runfrommemory(lpmemory,exe_path);
    return 0;
}
I put a sample program called prog.exe on the C drive, and the code reads it into memory and executes it. The code works on Windows XP but does not work on Windows 7, where the launch produces an error message.
The application was unable to start correctly (0xc000000c). Click OK to close the application.
I don't see the reason it works correctly on Windows XP but not on Windows 7. Did Windows 7 change the PE format or headers, or something else?
Thanks in advance. If you test it, don't forget to put a sample exe at c:\prog.exe,
or change the path in the code.
This is a major hack, and you should avoid doing it. If you want to start a new process, the guaranteed way to make it work without issue is to launch an executable that resides in the filesystem. Anything else is a hack and can't be relied on to keep working in the future.