如何让软件在内存中执行?(5分)


dazzling

比如在 A 中执行 B(B 是一段流),不把它存成硬盘文件,而是在内存中直接执行,该如何做到?

小弟只剩下 5 分了,还望各位帮小弟一把,感激不尽!
 
分析 PE 头,重定位地址,有一大堆的东西要做。
 
难道还有软件不是在内存中执行的?
 
改.NET吧,方便多了。win32的很麻烦。
 
个人不太喜欢 .NET,为了使用它还必须在客户电脑上装一套 .NET 框架平台。
 
很多程序员觉得这个东西需要重定位EXE,也就是涉及到汇编语言.其实,根本不用什么汇编,用Delphi一样可以做到,点这里[http://www.138soft.com/htm/MemoryRun.zip]下载内存运行EXE演示,包括了使用说明和两个例子:一个例子是类似于UPX之类的加壳软件,另外一个例子是运行资源文件里面的EXE.注意:请用Delphi7编译,因为我是用Delphi7编写的.
 
真扫兴!如何在内存中执行的关键部分代码全部隐藏起来了!
CjtMemoryRun 要这个东西有什么用?源码又不公开。
你要么别公开,要公开就把源码公开。
另:那个 UPX 加壳总是把文件搞坏,而且不成功。
 
下面一个你试试。这种问题在google上的newsgroup搜也许能找到!<br>#define WIN32_NO_STATUS<br>#include &lt;windows.h&gt;<br>#undef &nbsp;WIN32_NO_STATUS<br><br>namespace NT {<br>&nbsp; &nbsp; extern "C" {<br><br>#pragma warning(disable: 4005) &nbsp;// macro redefinition<br>#include &lt;ntddk.h&gt;<br>#pragma warning(default: 4005)<br><br>&nbsp; &nbsp; }<br>}<br>using NT::NTSTATUS;<br><br>typedef struct _DEBUG_CONTROL {<br>&nbsp; &nbsp; ULONG L0 : 1;<br>&nbsp; &nbsp; ULONG G0 : 1;<br>&nbsp; &nbsp; ULONG L1 : 1;<br>&nbsp; &nbsp; ULONG G1 : 1;<br>&nbsp; &nbsp; ULONG L2 : 1;<br>&nbsp; &nbsp; ULONG G2 : 1;<br>&nbsp; &nbsp; ULONG L3 : 1;<br>&nbsp; &nbsp; ULONG G3 : 1;<br>&nbsp; &nbsp; ULONG LE : 1;<br>&nbsp; &nbsp; ULONG GE : 1;<br>&nbsp; &nbsp; ULONG &nbsp; &nbsp;: 3;<br>&nbsp; &nbsp; ULONG GD : 1;<br>&nbsp; &nbsp; ULONG &nbsp; &nbsp;: 2;<br>&nbsp; &nbsp; ULONG RWE0 : 2;<br>&nbsp; &nbsp; ULONG LEN0 : 2;<br>&nbsp; &nbsp; ULONG RWE1 : 2;<br>&nbsp; &nbsp; ULONG LEN1 : 2;<br>&nbsp; &nbsp; ULONG RWE2 : 2;<br>&nbsp; &nbsp; ULONG LEN2 : 2;<br>&nbsp; &nbsp; ULONG RWE3 : 2;<br>&nbsp; &nbsp; ULONG LEN3 : 2;<br>} DEBUG_CONTROL, *PDEBUG_CONTROL;<br><br><br>VOID preppatch()<br>{<br>&nbsp; &nbsp; CONTEXT context = {CONTEXT_DEBUG_REGISTERS};<br><br>&nbsp; &nbsp; PDEBUG_CONTROL dr7 = PDEBUG_CONTROL(&amp;context.Dr7);<br><br>&nbsp; &nbsp; context.Dr0 = ULONG(GetProcAddress(GetModuleHandle("ntdll.dll"),<br>"ZwCreateThread"));<br><br>&nbsp; &nbsp; dr7-&gt;L0 = 1, dr7-&gt;RWE0 = 0, dr7-&gt;LEN0 = 0;<br><br>&nbsp; &nbsp; SetThreadContext(GetCurrentThread(), &amp;context);<br>}<br><br>LONG patch(PEXCEPTION_POINTERS ep)<br>{<br>&nbsp; &nbsp; if (ep-&gt;ExceptionRecord-&gt;ExceptionCode == EXCEPTION_SINGLE_STEP) {<br><br>&nbsp; &nbsp; &nbsp; &nbsp; HANDLE hProcess = PHANDLE(ep-&gt;ContextRecord-&gt;Esp)[4];<br><br>&nbsp; &nbsp; &nbsp; &nbsp; PCONTEXT context = ((PCONTEXT*)(ep-&gt;ContextRecord-&gt;Esp))[6];<br><br>&nbsp; &nbsp; &nbsp; &nbsp; NT::PROCESS_BASIC_INFORMATION pbi;<br><br>&nbsp; &nbsp; &nbsp; &nbsp; 
NT::NtQueryInformationProcess(hProcess, NT::ProcessBasicInformation,<br>&amp;pbi, sizeof pbi, 0);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; PVOID x; ReadProcessMemory(hProcess, PCHAR(pbi.PebBaseAddress) + 8,<br>&amp;x, sizeof x, 0);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; NT::ZwUnmapViewOfSection(hProcess, x);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; HRSRC hRsrc = FindResource(0, "Image", "EXE");<br><br>&nbsp; &nbsp; &nbsp; &nbsp; HGLOBAL hGlobal = LoadResource(0, hRsrc);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; PVOID p = LockResource(hGlobal);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; PIMAGE_NT_HEADERS nt = PIMAGE_NT_HEADERS(PCHAR(p) +<br>PIMAGE_DOS_HEADER(p)-&gt;e_lfanew);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; PVOID q = VirtualAllocEx(hProcess,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;PVOID(nt-&gt;OptionalHeader.ImageBase),<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;nt-&gt;OptionalHeader.SizeOfImage,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;MEM_RESERVE | MEM_COMMIT,<br>PAGE_EXECUTE_READWRITE);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; WriteProcessMemory(hProcess, PCHAR(q), PCHAR(p), 0x1000, 0);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; PIMAGE_SECTION_HEADER sect = IMAGE_FIRST_SECTION(nt);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; for (ULONG i = 0; i &lt; nt-&gt;FileHeader.NumberOfSections; i++)<br><br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; WriteProcessMemory(hProcess,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;PCHAR(q) + sect.VirtualAddress,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;PCHAR(p) + sect.PointerToRawData,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
&nbsp;sect.SizeOfRawData, 0);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; WriteProcessMemory(hProcess, PCHAR(pbi.PebBaseAddress) + 8, &amp;q,<br>sizeof q, 0);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; context-&gt;Eax = ULONG(q) + nt-&gt;OptionalHeader.AddressOfEntryPoint;<br><br>&nbsp; &nbsp; &nbsp; &nbsp; ep-&gt;ContextRecord-&gt;Dr7 = 0;<br><br>&nbsp; &nbsp; &nbsp; &nbsp; return EXCEPTION_CONTINUE_EXECUTION;<br>&nbsp; &nbsp; }<br><br>&nbsp; &nbsp; return EXCEPTION_CONTINUE_SEARCH;<br>}<br><br>int main(int argc, char *argv[])<br>{<br>&nbsp; &nbsp; PROCESS_INFORMATION pi;<br>&nbsp; &nbsp; STARTUPINFO si = {sizeof si};<br><br>&nbsp; &nbsp; __try {<br>&nbsp; &nbsp; &nbsp; &nbsp; preppatch();<br><br>&nbsp; &nbsp; &nbsp; &nbsp; CreateProcess(0, "Explorer", 0, 0, FALSE, 0, 0, 0, &amp;si, &amp;pi);<br>&nbsp; &nbsp; }<br>&nbsp; &nbsp; __except (patch(GetExceptionInformation())) {}<br><br>&nbsp; &nbsp; return 0;<br>}<br>
 