运行内存中的程序简单版08329bydtcser

运行内存中的程序简单版08329bydtcser系统结构:openfile,runfile,GetFileInfo,WriteProcessMemory,CloseHandle,ReadProcessMemory,CreateProcessA,GetStartupInfoA,ResumeThread,TerminateProcess,API_VirtualAllocEx,NtUnmapViewOfSection,复制IMAGEDOSHEADER,复制IMAGENTHEADER,取指针_字节集,GetModuleFileNameA,======窗口程序集1||||------_按钮1_被单击======窗口程序集1||||------_按钮1_被单击||||------_按钮2_被单击||||------openfile||||------runfile||||------GetFileInfo||||======调用的Dll||||---[dll]------WriteProcessMemory||||---[dll]------CloseHandle||||---[dll]------ReadProcessMemory||||---[dll]------CreateProcessA||||---[dll]------GetStartupInfoA||||---[dll]------ResumeThread||||---[dll]------TerminateProcess||||---[dll]------API_VirtualAllocEx||||---[dll]------NtUnmapViewOfSection||||---[dll]------复制IMAGEDOSHEADER||||---[dll]------复制IMAGENTHEADER||||---[dll]------取指针_字节集||||---[dll]------GetModuleFileNameA 调用的DLL命令:.DLL命令WriteProcessMemory,整数型,,"WriteProcessMemory".参数hProcess,整数型.参数lpBaseAddress,整数型.参数lpBuffer,字节集.参数nSize,整数型.参数lpNumberOfBytesWritten,整数型,传址.DLL命令CloseHandle,整数型,"kernel32","CloseHandle".参数对象句柄,整数型,,欲关闭的一个对象的句柄;.DLL命令ReadProcessMemory,整数型,,"ReadProcessMemory".参数hProcess,整数型.参数lpBaseAddress,整数型.参数lpBuffer,字节集.参数nSize,整数型.参数lpNumberOfBytesWritten,整数型,传址.DLL命令CreateProcessA,整数型,"kernel32.dll","CreateProcessA".参数要执行的程序名,文本型,,lpApplicationName，参见相关帮助.参数要执行的命令行,整数型,,lpCommandLine，参见相关帮助.参数安全特性参数1,整数型,,lpProcessAttributes，参见相关帮助.参数安全特性参数2,整数型,,lpThreadAttributes，参见相关帮助.参数允许新进程继承当前进程的句柄,整数型,,bInheritHandles，参见相关帮助.参数参数1,整数型,,dwCreationFlags，赋0即可.参数环境指针,整数型,,lpEnvironment，赋0即可.参数新进程当前目录路径,整数型,,lpCurrentDriectory，参见相关帮助.参数创建进程时附加信息,STARTUPINFO,,lpStartupInfo，创建进程时附加信息.参数新进程的进程和线程标识符,PROCESS_INFORMATION,,lpProcessInformation，参见相关帮助.DLL命令GetStartupInfoA,整数型,"kernel32","GetStartupInfoA",,获取当前过程的启始信息.参数启动信息,STARTUPINFO.DLL命令ResumeThread,整数型,"kernel32","ResumeThread",,开始暂停的线索.参数hThread,整数型.DLL命令TerminateProcess,整数型,"kernel32","TerminateProcess",,结束一个进程非零表示成功，零表示失败。会设置GetLastError.参数hProcess,整数型,,指定要中断的一个进程的句柄.参数uExitCode,整数型,,进程的一个退出代码;.DLL命令API_VirtualAllocEx,整数型,"kernel32.dll","VirtualAllocEx".参数hProcess,整数型.参数lpAddress,整数型.参数dwSize,整数型.参数flAllocationType,整数型.参数flProtect,整数型.DLL命令NtUnmapViewOfSection,,"ntdll.dll","NtUnmapViewOfSection".参数a.参数b.DLL命令复制IMAGEDOSHEADER,整数型,,"RtlMoveMemory".参数目标区块,IMAGEDOSHEADER.参数源区块,整数型.参数尺寸,整数型,,SIZE=64.DLL命令复制IMAGENTHEADER,整数型,,"RtlMoveMemory".参数目标区块,IMAGE_NT_HEADERS.参数源区块,整数型.参数尺寸,整数型,,SIZE=248.DLL命令取指针_字节集,整数型,,"lstrcpyn".参数欲取其指针,字节集,传址.参数欲取其指针,字节集,传址.参数保留,整数型,,0.DLL命令GetModuleFileNameA,整数型.参数a,整数型.参数b,文本型.参数c,整数型