MemoryModule
MemoryModule copied to clipboard
fancycode
[WIP] Provide ANSI and UNICODE versions of all resource functions.
Your code is not required. It is even exactly the OPPOSITE: You can delete all the resource functions:
MemoryFindResource( )
_MemorySearchResourceEntry( )
MemoryFindResourceEx( )
MemorySizeofResource( )
MemoryLoadResource( )
MemoryLoadString( )
MemoryLoadStringEx( )
NONE of these functions is required. Let Windows do that job.
You only must do a tiny change in the struct MEMORYMODULE: Change the order of the first 2 entries:
typedef struct
{
BYTE* codeBase;
PIMAGE_NT_HEADERS headers;
HCUSTOMMODULE *modules;
int numModules;
.....
} MEMORYMODULE, *PMEMORYMODULE;
so codeBase becomes the first entry.
Then you can test that in DllLoader.cpp with:
void LoadFromMemory(void)
{
.........
HMEMORYMODULE handle = MemoryLoadLibrary(data, size);
// Load MEMORYMODULE->codeBase into HINSTANCE
HINSTANCE h_Inst = ((HINSTANCE*)handle)[0];
HRSRC resourceInfo = FindResource(h_Inst, MAKEINTRESOURCE(VS_VERSION_INFO), RT_VERSION);
_tprintf(_T("MemoryFindResource returned 0x%p\n"), resourceInfo);
DWORD resourceSize = SizeofResource(h_Inst, resourceInfo);
LPVOID resourceData = LoadResource (h_Inst, resourceInfo);
_tprintf(_T("Memory resource data: %ld bytes at 0x%p\n"), resourceSize, resourceData);
char s8_Buf[100];
LoadStringA(h_Inst, 1, s8_Buf, 100);
printf("MemoryLoadStringA: %s\n", s8_Buf); // print "Hello"
WCHAR u16_Buf[100];
LoadStringW(h_Inst, 20, u16_Buf, 100);
wprintf(L"MemoryLoadStringW: %s\n", u16_Buf); // print "World!"
MemoryFreeLibrary(handle);
}
As you see I only use the Windows resource functions for a DLL which has been loaded with MemoryLoadLibrary(). I don't know why Joachim has made it so complicated.
You can even use LoadImage() and LoadCursor() etc... I tested that on Windows XP up to Windows 10.
