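I had always used the MemExe module, which has been copied all over the Chinese internet and dates back to 1998-99.
My current development environment is 08R2 64-bit, where this module often prevents the program from running properly, and it has no support for waiting on the main thread.
So I modified an excellent in-memory execution unit from abroad: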
{ uExecFromMem
  Author: steve10120
  Description: Run an executable from another's memory.
  Credits: Tan Chew Keong: Dynamic Forking of Win32 EXE; Author of BTMemoryModule: PerformBaseRelocation().
  Reference: http://www.security.org.sg/code/loadexe.html
  Release Date: 26th August 2009
  Website: http://ic0de.org
  History: First try
  Additions by testest 15th July 2010:
    - Parameter support
    - Win7 x64 support
  Additions by a05356316 5th Aug 2012:
    - Support For Delphi XE2
    - Support For Wait Main Process
}
unit uExecFromMem;

interface

uses Windows, dialogs;

function ExecuteFromMem(szFilePath, szParams: string; pFile: Pointer): DWORD;

implementation

function NtUnmapViewOfSection(ProcessHandle: DWORD; BaseAddress: Pointer): DWORD; stdcall; external 'ntdll';

type
  PImageBaseRelocation = ^TImageBaseRelocation;
  TImageBaseRelocation = packed record
    VirtualAddress: DWORD;
    SizeOfBlock: DWORD;
  end;

procedure PerformBaseRelocation(f_module: Pointer; INH: PImageNtHeaders; f_delta: Cardinal); stdcall;
var
  l_i: Cardinal;
  l_codebase: Pointe