Piron
April 8th, 2003, 03:56
Hi,
I am writing this message here because my idea works like a loader/unpacker and working styles of them can help me :
Problem is this : I am writing a program tha will load a second one but I want to load it from one of my resurce files. I write code to load exe from resource to memory and getting a pointer for beginning of it. No problem with it.
I am using createprocess to load an exe with same name and same size (all same I just copy it to disk but this has a different window header to see which is working).
I looked exe with wdasm and I see that imagebase is 51000000
I don' understand this. I write this exe with delpgi and 00400000 is set in delphi?? I ignored it.
I used create_suspended for not starting exe. And after that I use a writeprocessmemory to write from resourcefiles beginning to 51000000 but I get error 487 , I tried to put a virtualprotectex but I am getting an error of 87.
So what can I do ?
I found a software that called thinstall; It uses a virtual directory,
packes all your files into one exe, hooks apicalls to load files and if they are in it's virtual directory it is loading them from there. That is very near what I want but program is nearly $750 and that is too much for me. there is not a crack or a serial for it. It checks serial with an internet connection. Too much for me. I write to programmers of it but they said they can not help me....
I am adding code bellow to see what hell is it ....
Is anyone has idea (with a sample) about how this works ??
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
function GetResourceAsPointer(ResName: pchar; ResType: pchar;out Size: longword): pointer;
implementation
{$R *.dfm}
{$R c:\test\test.RES}
procedure TForm1.Button1Click(Sender: TObject);
Var
path:string;
// Res: TResourceStream;
res:Pchar;
StartInfo : TStartupInfo;
ProcInfo : TProcessInformation;
tamam:boolean;
WrittenBytes: Cardinal;
ResSize: Longword;
oldattr: longword;
aaa:variant;
lpMsgBuf:string;
begin
GetDir(0,Path);
res:=GetResourceAsPointer('TESTFILE', PChar('EXEFILE'), ResSize);
FillChar(StartInfo,SizeOf(TStartupInfo),#0);
FillChar(ProcInfo,SizeOf(TProcessInformation),#0);
StartInfo.cb := SizeOf(TStartupInfo);
Tamam := CreateProcess( PChar('LOOP_TEST.EXE'), nil, nil, nil,False,
CREATE_SUSPENDED+NORMAL_PRIORITY_CLASS,
nil, nil, StartInfo, ProcInfo);
tamam:=VirtualProtectEx(ProcInfo.hProcess ,nil,4096,PAGE_READWRITE,pointer(oldattr));
aaa:=GetLastError();
tamam:=true;
If tamam=true Then
Begin
Tamam:=False;
tamam:=WriteProcessMemory(ProcInfo.hProcess ,Pointer($51000000),res,resSize,WrittenBytes );
//I get an error of 87 invalid arguments here
aaa:=GetLastError();
// tamam:=VirtualProtectEx(ProcInfo.hProcess ,Pointer($51000000),resSize,PAGE_EXECUTE,pointer(oldattr));
// tamam:=WriteProcessMemory(ProcInfo.hProcess ,Pointer($51000000),res,resSize,WrittenBytes );
//I get an error of 487 invalid adres here
If tamam=true Then
ResumeThread(ProcInfo.hThread );
CloseHandle(ProcInfo.hProcess);
CloseHandle(ProcInfo.hThread);
End;
end;
function GetResourceAsPointer(ResName: pchar; ResType: pchar;out Size: longword): pointer;
var
InfoBlock: HRSRC;
GlobalMemoryBlock: HGLOBAL;
begin
InfoBlock := FindResource(hInstance, resname, restype);
if InfoBlock = 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
size := SizeofResource(hInstance, InfoBlock);
if size = 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
GlobalMemoryBlock := LoadResource(hInstance, InfoBlock);
if GlobalMemoryBlock = 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
Result := LockResource(GlobalMemoryBlock);
if Result = nil then
raise Exception.Create(SysErrorMessage(GetLastError));
end;
end.
I am writing this message here because my idea works like a loader/unpacker and working styles of them can help me :
Problem is this : I am writing a program tha will load a second one but I want to load it from one of my resurce files. I write code to load exe from resource to memory and getting a pointer for beginning of it. No problem with it.
I am using createprocess to load an exe with same name and same size (all same I just copy it to disk but this has a different window header to see which is working).
I looked exe with wdasm and I see that imagebase is 51000000
I don' understand this. I write this exe with delpgi and 00400000 is set in delphi?? I ignored it.
I used create_suspended for not starting exe. And after that I use a writeprocessmemory to write from resourcefiles beginning to 51000000 but I get error 487 , I tried to put a virtualprotectex but I am getting an error of 87.
So what can I do ?
I found a software that called thinstall; It uses a virtual directory,
packes all your files into one exe, hooks apicalls to load files and if they are in it's virtual directory it is loading them from there. That is very near what I want but program is nearly $750 and that is too much for me. there is not a crack or a serial for it. It checks serial with an internet connection. Too much for me. I write to programmers of it but they said they can not help me....
I am adding code bellow to see what hell is it ....
Is anyone has idea (with a sample) about how this works ??
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
function GetResourceAsPointer(ResName: pchar; ResType: pchar;out Size: longword): pointer;
implementation
{$R *.dfm}
{$R c:\test\test.RES}
procedure TForm1.Button1Click(Sender: TObject);
Var
path:string;
// Res: TResourceStream;
res:Pchar;
StartInfo : TStartupInfo;
ProcInfo : TProcessInformation;
tamam:boolean;
WrittenBytes: Cardinal;
ResSize: Longword;
oldattr: longword;
aaa:variant;
lpMsgBuf:string;
begin
GetDir(0,Path);
res:=GetResourceAsPointer('TESTFILE', PChar('EXEFILE'), ResSize);
FillChar(StartInfo,SizeOf(TStartupInfo),#0);
FillChar(ProcInfo,SizeOf(TProcessInformation),#0);
StartInfo.cb := SizeOf(TStartupInfo);
Tamam := CreateProcess( PChar('LOOP_TEST.EXE'), nil, nil, nil,False,
CREATE_SUSPENDED+NORMAL_PRIORITY_CLASS,
nil, nil, StartInfo, ProcInfo);
tamam:=VirtualProtectEx(ProcInfo.hProcess ,nil,4096,PAGE_READWRITE,pointer(oldattr));
aaa:=GetLastError();
tamam:=true;
If tamam=true Then
Begin
Tamam:=False;
tamam:=WriteProcessMemory(ProcInfo.hProcess ,Pointer($51000000),res,resSize,WrittenBytes );
//I get an error of 87 invalid arguments here
aaa:=GetLastError();
// tamam:=VirtualProtectEx(ProcInfo.hProcess ,Pointer($51000000),resSize,PAGE_EXECUTE,pointer(oldattr));
// tamam:=WriteProcessMemory(ProcInfo.hProcess ,Pointer($51000000),res,resSize,WrittenBytes );
//I get an error of 487 invalid adres here
If tamam=true Then
ResumeThread(ProcInfo.hThread );
CloseHandle(ProcInfo.hProcess);
CloseHandle(ProcInfo.hThread);
End;
end;
function GetResourceAsPointer(ResName: pchar; ResType: pchar;out Size: longword): pointer;
var
InfoBlock: HRSRC;
GlobalMemoryBlock: HGLOBAL;
begin
InfoBlock := FindResource(hInstance, resname, restype);
if InfoBlock = 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
size := SizeofResource(hInstance, InfoBlock);
if size = 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
GlobalMemoryBlock := LoadResource(hInstance, InfoBlock);
if GlobalMemoryBlock = 0 then
raise Exception.Create(SysErrorMessage(GetLastError));
Result := LockResource(GlobalMemoryBlock);
if Result = nil then
raise Exception.Create(SysErrorMessage(GetLastError));
end;
end.