问题描述
如何使用C ++从RAM运行可执行文件?
How can I run an executable from RAM using C++?
可执行文件在RAM中,我知道地址,如何从我的程序调用?
The executable is in RAM, and I know the address, how do I call into the program from mine?
推荐答案
这种事情通常来自世界的黑暗角落。 ; - )
This sort of things comes normally out of the dark corners of the world. ;-)
与metasploit这样的工具结合使用将会很好的创建进程只是出了ram,所以一对夫妇试图重新实现所有发生的事情在CreateProcess()。过一段时间后,他们发现它太复杂了(请参阅 site 12f)得到这个工作,他们试图找到另一个解决方案,这里是:
他们调用一个普通的CreateProcess()与一个通用的程序(例如notepad.exe),但他们启动它与ThreadSuspended。
然后他们向这个进程注入了一个新的线程,这将从内存中填满。然后他们告诉这个线程运行,所以他们得到一个新的过程从内存填充。
In combination with tools like metasploit it would be great to create process just out of ram and so a couple of guys tried to reimplement all the stuff that happens down in CreateProcess(). After a while they just found out that it is much too complex (see this PDF site 12f) to get this to work and they tried to find another solution and here it is:They call a normal CreateProcess() with a common program (e.g. notepad.exe), but they start it with ThreadSuspended.Then they injected a new thread into this process, which will be filled up from memory. Afterwards they told this thread to run and so they got a new process filled from memory.
所以这只是一个大图片,它是一个整体(通常不是正确的方式)做这个东西。如果你真的对这部分感兴趣,那么你有一个想法来搜索。
So this is just the big picture and it is a whole mess (and normally not the right way) to do this stuff. If you really interested in this part, then you have an idea to search for.
顺便说一下,不要以为你可以这样做在C#。这通常是在C / C ++或甚至汇编...
And by the way, don't think you can do this in C#. This is normally done in C/C++ or even Assembler...
这篇关于如何使用C ++从RAM运行可执行文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!