从RAM复制运行exe？ [英] Copy running exe from RAM?

问题描述

您好，



是否可以从RAM复制正在运行的exe文件，然后将其保存到硬盘并重用其功能？

Hello,

Is is possible to copy running exe file from RAM and then save it to hard drive and reuse its functionalities?

推荐答案

可能吗？可能不是。



这只是我对Windows Loader如何工作的理解。您必须使用在内存中找到的代码和数据重建一个全新的.EXE。可执行文件在整个内存中加载到各个段中，而不是同时加载。您会发现.EXE可以部分加载到内存中而无需加载整个内容来启动它。您正在查看的数据将不完整，因此内存中没有足够的信息来准确重建.EXE。

Possible? Probably not.

This is just speculation from my understanding of how the Windows Loader works. You'd have to reconstruct an entirely new .EXE using the code and data you find in memory. An executable is loaded in various segments throughout memory and not all at once either. You will find that an .EXE can be partially loaded into memory without loading the entire thing to start it. The data you're looking at won't be complete so there's really not enough information in memory to rebuild the .EXE accurately.

我只是猜测您想要绕过安全系统在应用程序启动时，这是一种避免它们的方法 - 当然我想不出任何其他原因试图将运行exe保存到磁盘并恢复它。



我很高兴地说它不起作用。

应用程序不仅仅是内存，内存中的值受上下文和其他信息的影响。例如，程序计数器在应用程序运行时不存储在内存中，它位于核心内的特殊寄存器中。并且从一次运行到下一次运行时窗口句柄值不一样：所以内存转储不会引用正确的控件。



算了吧：买一个合法的版本，并试图欺骗开发公司。

I'm just guessing that you want to bypass security systems on app startup, and this is a way to avoid them - certainly I can't think of any other reason for trying to save a "running exe" to disk and restore it.

And I'm glad to say that it won't work.
An application is not just the memory, the values in that memory are subject to context, and additional information. For example, the Program Counter is not stored in memory while the app is running, it is located in a special register inside the core. And window handle values will not be the same from one run to the next: so the "memory dump" would not refer to the right controls.

Forget it: buy a legit version and stop trying to cheat the developers company.

我会复制可执行文件文件。

如果您真的对访问正在运行的进程记忆感兴趣，那么请查看调试功能 [ ^ ]。

I would copy the executable file instead.
If you are really interested at accessing running process memeory, then have a look at the Debugging Functions[^].

这篇关于从RAM复制运行exe？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！