C # memory Runner/Crtmemexecute

A memory run program or a dummy program can also be called a Shell to run your program,

The simple pendulum is forced to hang after the program is created and uninstall the original program's original area, write

code in the new program is re-executed, if it's a bright side, it can protect the program,

If the dark side is a pure viral Trojan

It is best to choose to run in a system process, such as cmd,svchost it is just a

Straight pick -and-wear through the firewall is a very attractive condition, not to mention svchost even kill

Soft also dare not easy to hands,

If it is the process of QQ itself, you can make a similar interface with QQ

Write all kinds of malicious code in your program, steal QQ account password and monitor

user actions and QQ forms on all the information, and the use of some of QQ privileges,

and the user can't find it, but it does exist in the public's mind. Don't you think it's wonderful?

but it's illegal. Try not to do this technique if you Application On the protection software,

I think it would be a good thing,

DLL itself is non-toxic, as for the use of developers have ulterior motives and I

It is not possible to know that the DLL is compiled in a x86 environment, simple to say

When you use this DLL in your project, you must select the x86 environment,

Jinshan Eye Safety Report: http://fireeye.ijinshan.com/analyse.html?md5=61704f7ab843efcf3acdd1efc8c3b6b4&sha1= A4c3d63ae190a676d52bc414d052a30e4f6caddd&type=1

At first I didn't want to write as native DLL, but later because I couldn't

Svchost run cmd and chose to give up, the specific reason is not yet known

But native can, at least, be compatible with multiple languages and itself

Managed code runs on the CLR, with some certainty that there are some differences,

C #, Delphi, C + +, E, VB is also a good choice, right?

Crtmemexecute returned is a (process ID/PID)

You can get the operation by Process.getprocessbyid it

. NET upper-level mutual help class,

Crtmemexecute The first parameter is the byte that you want to run in the host memory

Crtmemexecute The second parameter is the host file to be run

Crtmemexecute The third parameter is the length of bytes to run in the host memory

Source code: Http://pan.baidu.com/s/1jGENpAI

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

C # memory Runner/Crtmemexecute