How to run an EXE file contained in a res file (100 points)

  • Thread starter: qfgj
qfgj, sent, please check. :)
Delphi盒子 is working on its server right now; otherwise I would put it on my web space and you could download it directly.
 
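Many programmers think this requires relocating the EXE, which means getting into assembly language. Actually, no assembly is needed at all; it can be done in Delphi just as well. Click here [http://www.138soft.com/htm/MemoryRun.zip] to download the demo of running an EXE from memory. It includes usage instructions and two examples: one is a packer similar to UPX, and the other runs an EXE stored in a resource file. Note: please compile with Delphi 7, because I wrote it in Delphi 7.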
 
Thank you, big brother!
 
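Master jingtao:
  Hello, I also visited your website. I did not expect you to be so young and accomplished; the title of future master surely belongs to you. If it is convenient, please send a copy of MemoryRun.pas to wjp100cn@163.com. I will be grateful for life and always remember you. Thank you!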
 
I would like a copy too, thanks.
delphi21@163.com
 
to delphi爱:
    jingtao has long been a famous expert.
    Also, you think a few sweet words will get you the code??
    :)
 
Master Jingtao (经韬):
  Could you see the good deed through and send a copy of MemoryRun.pas to wjp8@163.com? Thanks again!
 
Worth studying.
 
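Master Jingtao (经韬):
    [http://www.138soft.com/htm/MemoryRun.zip] download the demo of running an EXE from memory. It includes usage instructions and two examples: one is a packer similar to UPX, and the other runs an EXE stored in a resource file. Note: please compile with Delphi 7, because I wrote it in Delphi 7.

    If the EXE in the resource file is a standalone EXE (the software consists of the EXE only, with no other database or DLL), then the example you provided for running an EXE from a resource file still works. If the resource EXE also needs a database or DLL that cannot be separated from it, an error occurs when it is included in the resource file and run. The error message is: 'Runtime error 216 at 009A32D6'. Master Chen, please take another look, thank you!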
 
If the resource EXE also has a database or DLL, an error occurs when it is included in the resource file and run!!!
 
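I have not tested that case. That example was written on the spur of the moment one evening after a shower. This is actually different from UPX and the like. This rebuilds the memory table, whereas UPX reassembles the EXE. The code for reassembling an EXE is fairly large; you can refer to the partial code I posted earlier on this question. In fact, a DLL can also use this in-memory positioning method; it is just that the first two parameters of the formula that computes the address are different. I just tried it and it worked.
This example is mainly meant to show that Delphi can do this without inline assembly. Knowing that is enough; there is no need to study this kind of thing too much, as it has no market value.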
 
I found a C one on Google; it only supports NT and later. I don't know whether it really works. The code is fairly short.

```cpp
// 32-bit x86 only: the handler reads Esp/Eax from the thread CONTEXT.
#define WIN32_NO_STATUS
#include <windows.h>
#undef  WIN32_NO_STATUS

namespace NT {
    extern "C" {

#pragma warning(disable: 4005)  // macro redefinition
#include <ntddk.h>
#pragma warning(default: 4005)

    }
}
using NT::NTSTATUS;

// Bit layout of the x86 DR7 debug control register.
typedef struct _DEBUG_CONTROL {
    ULONG L0 : 1;
    ULONG G0 : 1;
    ULONG L1 : 1;
    ULONG G1 : 1;
    ULONG L2 : 1;
    ULONG G2 : 1;
    ULONG L3 : 1;
    ULONG G3 : 1;
    ULONG LE : 1;
    ULONG GE : 1;
    ULONG    : 3;
    ULONG GD : 1;
    ULONG    : 2;
    ULONG RWE0 : 2;
    ULONG LEN0 : 2;
    ULONG RWE1 : 2;
    ULONG LEN1 : 2;
    ULONG RWE2 : 2;
    ULONG LEN2 : 2;
    ULONG RWE3 : 2;
    ULONG LEN3 : 2;
} DEBUG_CONTROL, *PDEBUG_CONTROL;


// Set a hardware execution breakpoint (DR0) on ntdll!ZwCreateThread
// for the current thread.
VOID preppatch()
{
    CONTEXT context = {CONTEXT_DEBUG_REGISTERS};

    PDEBUG_CONTROL dr7 = PDEBUG_CONTROL(&context.Dr7);

    context.Dr0 = ULONG(GetProcAddress(GetModuleHandle("ntdll.dll"),
                                       "ZwCreateThread"));

    dr7->L0 = 1, dr7->RWE0 = 0, dr7->LEN0 = 0;

    SetThreadContext(GetCurrentThread(), &context);
}

// Exception filter: runs when the breakpoint fires inside CreateProcess.
LONG patch(PEXCEPTION_POINTERS ep)
{
    if (ep->ExceptionRecord->ExceptionCode == EXCEPTION_SINGLE_STEP) {

        // Arguments of the intercepted ZwCreateThread call, read from the stack.
        HANDLE hProcess = PHANDLE(ep->ContextRecord->Esp)[4];

        PCONTEXT context = ((PCONTEXT*)(ep->ContextRecord->Esp))[6];

        NT::PROCESS_BASIC_INFORMATION pbi;

        NT::NtQueryInformationProcess(hProcess, NT::ProcessBasicInformation,
                                      &pbi, sizeof pbi, 0);

        // PEB + 8 holds the image base address of the new process.
        PVOID x; ReadProcessMemory(hProcess, PCHAR(pbi.PebBaseAddress) + 8,
                                   &x, sizeof x, 0);

        NT::ZwUnmapViewOfSection(hProcess, x);

        // The replacement image is stored as resource "Image" of type "EXE".
        HRSRC hRsrc = FindResource(0, "Image", "EXE");

        HGLOBAL hGlobal = LoadResource(0, hRsrc);

        PVOID p = LockResource(hGlobal);

        PIMAGE_NT_HEADERS nt = PIMAGE_NT_HEADERS(PCHAR(p) +
                                   PIMAGE_DOS_HEADER(p)->e_lfanew);

        PVOID q = VirtualAllocEx(hProcess,
                                 PVOID(nt->OptionalHeader.ImageBase),
                                 nt->OptionalHeader.SizeOfImage,
                                 MEM_RESERVE | MEM_COMMIT,
                                 PAGE_EXECUTE_READWRITE);

        // Copy the headers, then each section to its virtual address.
        WriteProcessMemory(hProcess, PCHAR(q), PCHAR(p), 0x1000, 0);

        PIMAGE_SECTION_HEADER sect = IMAGE_FIRST_SECTION(nt);

        for (ULONG i = 0; i < nt->FileHeader.NumberOfSections; i++)

            WriteProcessMemory(hProcess,
                               PCHAR(q) + sect[i].VirtualAddress,
                               PCHAR(p) + sect[i].PointerToRawData,
                               sect[i].SizeOfRawData, 0);

        WriteProcessMemory(hProcess, PCHAR(pbi.PebBaseAddress) + 8, &q,
                           sizeof q, 0);

        context->Eax = ULONG(q) + nt->OptionalHeader.AddressOfEntryPoint;

        ep->ContextRecord->Dr7 = 0;

        return EXCEPTION_CONTINUE_EXECUTION;
    }

    return EXCEPTION_CONTINUE_SEARCH;
}

int main(int argc, char *argv[])
{
    PROCESS_INFORMATION pi;
    STARTUPINFO si = {sizeof si};

    __try {
        preppatch();

        CreateProcess(0, "Explorer", 0, 0, FALSE, 0, 0, 0, &si, &pi);
    }
    __except (patch(GetExceptionInformation())) {}

    return 0;
}
```
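
Added example, not part of the original thread or of any poster's code: a defender-side check for the packaging this thread discusses, a PE image carried inside another file (for example in a resource). It scans a byte blob for embedded `MZ`/`PE` headers and reports the header fields the C code above reads (`e_lfanew`, `ImageBase`, `SizeOfImage`, `AddressOfEntryPoint`, `NumberOfSections`); the function names and the sample bytes are constructed for illustration.

```python
import struct

def parse_pe_header(blob, off):
    """Return header fields if a plausible PE image starts at off, else None."""
    if blob[off:off + 2] != b"MZ" or off + 0x40 > len(blob):
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, off + 0x3C)
    nt = off + e_lfanew                      # IMAGE_NT_HEADERS
    if e_lfanew < 0x40 or nt + 84 > len(blob) or blob[nt:nt + 4] != b"PE\0\0":
        return None                          # stray "MZ" bytes, not an image
    machine, nsections = struct.unpack_from("<HH", blob, nt + 4)
    opt = nt + 24                            # optional header after 20-byte COFF header
    (magic,) = struct.unpack_from("<H", blob, opt)
    if magic not in (0x10B, 0x20B) or not 0 < nsections <= 96:
        return None                          # sanity bounds on magic and section count
    (entry,) = struct.unpack_from("<I", blob, opt + 16)
    fmt, base_off = ("<I", 28) if magic == 0x10B else ("<Q", 24)  # PE32 vs PE32+
    (image_base,) = struct.unpack_from(fmt, blob, opt + base_off)
    (size_of_image,) = struct.unpack_from("<I", blob, opt + 56)
    return {"offset": off, "machine": machine, "sections": nsections,
            "entry_rva": entry, "image_base": image_base,
            "size_of_image": size_of_image}

def find_embedded_pe(blob):
    """Find PE images starting after offset 0 (offset 0 is the host file itself)."""
    hits, pos = [], blob.find(b"MZ", 1)
    while pos != -1:
        info = parse_pe_header(blob, pos)
        if info:
            hits.append(info)
        pos = blob.find(b"MZ", pos + 1)
    return hits

def make_header(entry, image_base, size_of_image, nsections=1):
    """Constructed sample: minimal PE32 headers only, not a runnable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, nsections, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed input: host headers, a decoy "MZ" string, then an embedded image header.
SAMPLE = (make_header(0x1000, 0x400000, 0x3000) + b"\0" * 64 + b"MZ not a real header"
          + b"\0" * 64 + make_header(0x2000, 0x400000, 0x5000, nsections=3))

if __name__ == "__main__":
    for hit in find_embedded_pe(SAMPLE):
        print(hex(hit["offset"]), hit)
```

The decoy string shows why the `e_lfanew` and `PE\0\0` checks matter: the two bytes `MZ` alone occur by chance in ordinary data.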
 
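I found a very handy method: use VB's resource editor to load the icons, sounds, files and so on that you need and save them as a RES file; Delphi can then use it. VB's resource editor is very handy.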
 
Delphi has a resource editor too.
 
Awesome!!!!!!!!!
 
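Only yesterday did I come to appreciate what jingtao has to put up with. Yesterday I was writing code when someone asked me a question. Since I was set to invisible, I had no need to respond at all, but out of kindness I replied with one line and pointed him in a direction... And the result? He pestered me to write the code for him. How could I drop my own work to write code for you?? In the end, of course, I did not write it, and that person got very angry, as if I owed him millions. Sigh... Here I want to say one thing: nobody is obliged to help anybody solve a problem. If someone tells you, it is a favour; if they do not, that is their right, and you cannot blame them. Someone as well known as jingtao, who unlike me does not like going invisible, must run into who knows how many people like this, hehe!    :)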
 