This sort of things comes normally out of the dark corners of the world. ;-)

这种事情通常来自世界的黑暗角落。;-)

In combination with tools like metasploit it would be great to create process just out of ram and so a couple of guys tried to reimplement all the stuff that happens down in CreateProcess(). After a while they just found out that it is much too complex (see this PDFsite 12f) to get this to work and they tried to find another solution and here it is: They call a normal CreateProcess() with a common program (e.g. notepad.exe), but they start it with ThreadSuspended. Then they injected a new thread into this process, which will be filled up from memory. Afterwards they told this thread to run and so they got a new process filled from memory.

结合像 metasploit 这样的工具，用 ram 来创建进程会很棒，所以一些人试图重新实现在 CreateProcess() 中发生的所有东西。过了一会儿，他们才发现它太复杂了（参见这个 PDF站点 12f），无法让它工作，他们试图找到另一个解决方案，这里是：他们用一个通用程序调用一个普通的 CreateProcess()（例如notepad.exe），但它们以 ThreadSuspended 启动它。然后他们向这个进程注入了一个新线程，这个线程将从内存中被填满。之后他们告诉这个线程运行，所以他们从内存中填充了一个新进程。

So this is just the big picture and it is a whole mess (and normally not the right way) to do this stuff. If you really interested in this part, then you have an idea to search for.

所以这只是大局，做这些事情是一团糟（通常不是正确的方法）。如果您真的对这部分感兴趣，那么您就有了搜索的想法。

And by the way, don't think you can do this in C#. This is normally done in C/C++ or even Assembler...

顺便说一句，不要认为你可以在 C# 中做到这一点。这通常是在 C/C++ 甚至汇编程序中完成的......

Do you mean that you have loaded the contents of the EXE file into RAM and now want to run that executable?

您的意思是您已将 EXE 文件的内容加载到 RAM 中，现在想要运行该可执行文件吗？

Since you're talking about an EXE, I assume you're running under Windows. To my knowledge, Windows can't do this -- your only option is to save the executable back to a file and run that (using CreateProcess, for example).

由于您在谈论 EXE，我假设您在 Windows 下运行。据我所知，Windows 不能这样做——您唯一的选择是将可执行文件保存回文件并运行它（CreateProcess例如，使用）。

EditHere is how you would run the process.

编辑这是您运行该过程的方式。

In C++:

在 C++ 中：

STARTUPINFO si;
PROCESS_INFORMATION pi;

ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));

if(!CreateProcess("myfilename.exe", NULL, NULL, NULL, FALSE, 0, NULL, 
    NULL, &si, &pi ))
{
    // An error occurred
}

In C#:

在 C# 中：

using System;
using System.Diagnostics;

Process.Start("myfilename.exe");

You mean communicating with another application that is running at the same time as yours? That depends on which operating system you are using. In any case, Wikipedia has an article on Interprocess Communication, which shows some basic techniques.

您的意思是与另一个与您同时运行的应用程序通信？这取决于您使用的操作系统。无论如何，维基百科有一篇关于进程间通信的文章，其中展示了一些基本技术。

The same way you would run it from disk. Your program doesn't know whether it's already loaded (i.e. in RAM) or on disk. This is abstracted away by the operating system.

与从磁盘运行它的方式相同。您的程序不知道它是已经加载（即在 RAM 中）还是在磁盘上。这被操作系统抽象掉了。

Mabye this could help you: http://www.codeproject.com/Articles/13897/Load-an-EXE-File-and-Run-It-from-Memory

Mabye 这可以帮助你：http: //www.codeproject.com/Articles/13897/Load-an-EXE-File-and-Run-It-from-Memory

PS: Writing an malware is not illegal (im most countries ;) ) using is!

PS：编写恶意软件并不违法（在大多数国家/地区；））使用 is！