將程序按照內存對齊的方式讀取到內存有兩種方法:
1、內存映射文件
2、PE加載器模擬法
1、內存映射文件
lpHeader 所指的內存是只讀的,儘管 CreateFileMapping 指定的是 PAGE_READWRITE:使用 SEC_IMAGE 時,視圖的頁面保護屬性由可執行文件本身決定,這裡指定的保護值對映像視圖不起作用。
// LoadPeWithMap.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <tchar.h>
#include <Windows.h>
int main(int argc, char* argv[])
{
TCHAR filename[] = _T ("c:\\windows\\notepad.exe");
PBYTE lpHeader = NULL ;
HANDLE hMap = NULL ;
HANDLE hFile = CreateFile (filename, GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ, NULL , OPEN_EXISTING, NULL, NULL );
if (INVALID_HANDLE_VALUE == hFile)
{
goto SAFE_EXIT;
}
hMap = CreateFileMapping(hFile, NULL , PAGE_READWRITE| SEC_IMAGE, 0, 0, NULL );
if (hMap == NULL )
{
goto SAFE_EXIT;
}
lpHeader = ( PBYTE)MapViewOfFile(hMap, FILE_MAP_READ | FILE_MAP_WRITE, NULL, NULL, 0);
if (lpHeader == NULL )
{
goto SAFE_EXIT;
}
SAFE_EXIT:
if (lpHeader != NULL )
{
UnmapViewOfFile(lpHeader);
}
if (hMap != INVALID_HANDLE_VALUE &&
hMap != NULL)
{
CloseHandle(hMap);
}
if (hFile != INVALID_HANDLE_VALUE &&
hFile != NULL)
{
CloseHandle(hFile);
}
return 0;