从网上下载了一份内存加载源码但是不会用
下面是代码 如果我想内存加载运行C://1.exe 怎么办
// MemRun.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include "zlib/zlib.h"
//#define SIZEBEFORE 0x2700d//0x3ae00
// Pointer to an array of exactly one IMAGE_SECTION_HEADER. Indexing such a
// pointer advances one whole header per step, so the i-th entry of a section
// table is reached as p[i]->Field (p[i] is a one-element array that decays to
// a pointer to its element). Writing p->Field without an index does not
// compile, because *p is an array, not a struct.
typedef IMAGE_SECTION_HEADER (*PIMAGE_SECTION_HEADERS)[1];
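// Round Origin up to the next multiple of Alignment.
//
// In this file the alignment is read from a PE optional header, i.e. from
// file bytes, so it is treated as untrusted input:
//   - Alignment == 0 would divide by zero; it is treated as "no alignment"
//     and Origin is returned unchanged.
//   - The padding is derived from the remainder rather than from
//     (Origin + Alignment - 1), so the intermediate sum cannot wrap when the
//     rounded value itself is representable.
// If the rounded value does not fit in unsigned long the result wraps and is
// smaller than Origin; callers sizing an allocation should reject any result
// that is less than Origin.
unsigned long GetAlignedSize(unsigned long Origin, unsigned long Alignment)
{
    if (Alignment == 0)
        return Origin;

    unsigned long Remainder = Origin % Alignment;
    if (Remainder == 0)
        return Origin;          // already aligned

    return Origin + (Alignment - Remainder);
}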
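// Compute how many bytes are needed to hold the PE image once its headers and
// every section have been laid out on OptionalHeader.SectionAlignment
// boundaries.
// OptionalHeader.SizeOfImage is not used directly because, reportedly, some
// compilers emit executables with that field set to 0.
//
// Parameters:
//   MzH     - DOS header of the file buffer (not read by this function).
//   FileLen - length in bytes of the file buffer the headers were read from.
//   peH     - NT headers inside that buffer.
//   peSecH  - section table; entry i is peSecH[i].
//
// Returns the required size, or 0 if the headers are inconsistent.
//
// Every field read here comes from file bytes and is treated as untrusted.
// Besides the original "raw data lies past the end of the file" test, 0 is
// also returned when SectionAlignment is 0 or when any sum would wrap, since a
// wrapped size leads to an undersized allocation in the caller.
//
// NOTE(review): the section table itself is not bounds-checked here; the
// caller must make sure NumberOfSections entries lie inside the buffer.
// NOTE(review): for sections with a non-zero VirtualAddress the running total
// is assigned, not maximised, so the result assumes ascending virtual
// addresses. Callers should verify that each section's VirtualAddress + size
// fits in the returned total before copying into the allocation.
unsigned long CalcTotalImageSize(PIMAGE_DOS_HEADER MzH
    , unsigned long FileLen
    , PIMAGE_NT_HEADERS peH
    , PIMAGE_SECTION_HEADERS peSecH)
{
    (void)MzH;  // kept for interface compatibility

    const unsigned long Align = peH->OptionalHeader.SectionAlignment;
    if (Align == 0)
        return 0;   // would divide by zero when aligning

    // Size of the PE headers, rounded up.
    unsigned long res = GetAlignedSize(peH->OptionalHeader.SizeOfHeaders, Align);
    if (res < peH->OptionalHeader.SizeOfHeaders)
        return 0;   // rounding wrapped

    // Size of all sections.
    for (int i = 0; i < peH->FileHeader.NumberOfSections; ++i)
    {
        // peSecH[i] selects the i-th section header.
        const IMAGE_SECTION_HEADER *Sec = peSecH[i];

        // Raw data must lie inside the file. Written as a subtraction so that
        // PointerToRawData + SizeOfRawData cannot wrap past the check.
        if (Sec->PointerToRawData > FileLen
            || Sec->SizeOfRawData > FileLen - Sec->PointerToRawData)
            return 0;

        if (Sec->VirtualAddress)
        {
            // Section has a fixed RVA: the image extends to its aligned end.
            unsigned long Span = Sec->Misc.VirtualSize
                ? Sec->Misc.VirtualSize
                : Sec->SizeOfRawData;
            unsigned long End = Sec->VirtualAddress + Span;
            if (End < Sec->VirtualAddress)
                return 0;   // VirtualAddress + size wrapped

            unsigned long AlignedEnd = GetAlignedSize(End, Align);
            if (AlignedEnd < End)
                return 0;   // rounding wrapped

            res = AlignedEnd;
        }
        else
        {
            // No RVA: append the larger of the raw and virtual sizes.
            unsigned long Span = (Sec->Misc.VirtualSize < Sec->SizeOfRawData)
                ? Sec->SizeOfRawData
                : Sec->Misc.VirtualSize;
            unsigned long AlignedSpan = GetAlignedSize(Span, Align);
            if (AlignedSpan < Span)
                return 0;   // rounding wrapped

            unsigned long Total = res + AlignedSpan;
            if (Total < res)
                return 0;   // running total wrapped

            res = Total;
        }
    }

    return res;
}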
// 加载pe到内存并对齐所有节
BOOL AlignPEToMem( void *Buf
, long Len
, PIMAGE_NT_HEADERS &peH
, PIMAGE_SECTION_HEADERS &peSecH
, void *&Mem
, unsigned long &ImageSize)
{
PIMAGE_DOS_HEADER SrcMz;// DOS头
PIMAGE_NT_HEADERS SrcPeH;// PE头
PIMAGE_SECTION_HEADERS SrcPeSecH;// 节表
SrcMz = (PIMAGE_DOS_HEADER)Buf;
if( Len < sizeof(IMAGE_DOS_HEADER) )