C# memory runner/Crtmemexecute

Source: Internet
Author: User

A memory-run program, or dummy program, can also be described as a shell that runs your program.

Put simply, the host program is created in a suspended state, the original program's image region is unmapped, and the new program's code is written in and then resumed. Used for good, it can protect a program; used for ill, it is purely a virus or Trojan.

It is best to choose to run in a system process, such as cmd or svchost. Passing straight through the firewall is a very attractive property, not to mention that even antivirus software does not dare to touch svchost lightly.

If the host is QQ's own process, you could build an interface resembling QQ's, write all kinds of malicious code in your program, steal the QQ account and password, monitor user actions and all the information in the QQ windows, and use some of QQ's privileges, all without the user noticing, even though it is really there. Doesn't that sound wonderful? But it is illegal, so try not to do this. If you apply this technique to protection software, I think that would be a good thing.
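From the defender's side, a system-process host of the kind described above leaves traces in process telemetry. The following is an added example, not code from the original post or its DLL: it triages constructed Sysmon-style records (Event ID 1 process creation, Event ID 25 process tampering) for an svchost.exe host, and the field subset, sample paths, PIDs and the three heuristics are assumptions of this example.

```python
import ntpath

# Constructed sample records shaped like Sysmon events, reduced to the fields used here.
# The heuristics below are assumptions of this example, not rules taken from the post.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 812, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "CommandLine": r"C:\Windows\SysWOW64\svchost.exe",
     "ParentImage": r"C:\Users\demo\AppData\Local\Temp\loader.exe"},
    {"EventID": 25, "ProcessId": 4120, "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "Type": "Image is replaced"},
]

EXPECTED_PARENT = r"c:\windows\system32\services.exe"
EXPECTED_IMAGE = r"c:\windows\system32\svchost.exe"

def svchost_findings(event):
    """Return the reasons one event looks like a hollowed svchost host."""
    image = event.get("Image", "").lower()
    if ntpath.basename(image) != "svchost.exe":
        return []
    reasons = []
    if event["EventID"] == 25 and event.get("Type") == "Image is replaced":
        reasons.append("image replaced in memory")
    if event["EventID"] == 1:
        if event.get("ParentImage", "").lower() != EXPECTED_PARENT:
            reasons.append("parent is not services.exe")
        if " -k " not in event.get("CommandLine", "").lower() + " ":
            reasons.append("no -k service group argument")
        if image != EXPECTED_IMAGE:
            reasons.append("image outside System32 (32-bit host if SysWOW64)")
    return reasons

def triage(events):
    """Group findings by PID so creation and tampering events correlate."""
    by_pid = {}
    for event in events:
        found = svchost_findings(event)
        if found:
            by_pid.setdefault(event["ProcessId"], []).extend(found)
    return by_pid

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

The SysWOW64 check relates to the x86 requirement the post states for the DLL; treating a 32-bit svchost.exe as unusual is a baseline assumption to validate per environment.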

The DLL itself is not malicious; as for whether developers who use it have ulterior motives, that is something I cannot know. The DLL is compiled in an x86 environment. Simply put, when you use this DLL in your project, you must select the x86 environment.

Jinshan Eye Safety Report: http://fireeye.ijinshan.com/analyse.html?md5=61704f7ab843efcf3acdd1efc8c3b6b4&sha1=A4c3d63ae190a676d52bc414d052a30e4f6caddd&type=1

At first I didn't want to write this as a native DLL, but later, because I couldn't get svchost to run cmd, I chose to give up; the specific reason is not yet known. But a native DLL can at least be compatible with multiple languages, and managed code itself runs on the CLR, so there are certainly some differences. C#, Delphi, C++, E and VB are also good choices, right?


Crtmemexecute returns a process ID (PID).

You can get the process and operate on it with Process.GetProcessById.

.NET upper-level mutual help class,

The first parameter of Crtmemexecute is the bytes that you want to run in the host's memory.

The second parameter of Crtmemexecute is the host file to be run.

The third parameter of Crtmemexecute is the length of the bytes to run in the host's memory.


Source code: Http://pan.baidu.com/s/1jGENpAI

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
