有时候需要将exe加载至内存运行,例如保护exe程序版权。
先上代码:
#ifdef WIN32
#include <windows.h>
#else
#error Process Forking Requires a Windows Operating System
#endif
#include <stdio.h>
/
// NtUnmapViewOfSection (ZwUnmapViewOfSection)
// Used to unmap a section from a process.
bool ForkProcess(LPVOID lpImage)
{
char s[21] = " ";
s[0] = 'N';
s[1] = 't';
// Variables for Process Forking
long int lWritten;
long int lHeaderSize;
long int lImageSize;
long int lSectionCount;
long int lSectionSize;
long int lFirstSection;
long int lPreviousProtection;
long int lJumpSize;
bool bReturnValue;
LPVOID lpImageMemory;
LPVOID lpImageMemoryDummy;
IMAGE_DOS_HEADER dsDosHeader;
IMAGE_NT_HEADERS ntNtHeader;
IMAGE_SECTION_HEADER shSections[512 * 2];
PROCESS_INFORMATION piProcessInformation;
STARTUPINFO suStartUpInformation;
CONTEXT cContext;
// Variables for Local Process
FILE* fFile;
char* pProcessName;
long int lFileSize;
long int lLocalImageBase;
long int lLocalImageSize;
LPVOID lpLocalFile;
IMAGE_DOS_HEADER dsLocalDosHeader;
IMAGE_NT_HEADERS ntLocalNtHeader;
// End Variable Definition
bReturnValue = false;
pProcessName = new char[MAX_PATH];
ZeroMemory(pProcessName, MAX_PATH);
// Get the file name for the dummy process
if(GetModuleFileName(NULL, pProcessName, MAX_PATH) == 0)
{
delete [] pProcessName;
return bReturnValue;
}
s[2] = 'U';
s[3] = 'n';
// Open the dummy process in binary mode
fFile = fopen(pProcessName, "rb");
if(!fFile)
{
delete [] pProcessName;
最低0.47元/天 解锁文章
3502
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
