For the sake of learning I'm trying to do what the OS does when launching a program ie. parsing a PE file and giving it a thread of execution.
If I have two exe's one called foo.exe and the other bar.exe, how could I have foo.exe load the contents of bar.exe into memory then have it execute from there in its own thread? I know how to get it into memory using MapViewOfFile or by simple loading the contents on the hard drive into a buffer. I'm assuming simply copying the contents of bar.exe on disk into its own suspended thread and running it wouldn't work. I am semi-familiar with PE file internals. All help is very much appreciated, of course :)
First, Lambert is correct. EXEs run in their own process. The reason why EXEs can't load into another process is because they are not compiled for relative addressing and cannot easily have their code remapped to another address. Developers launch other EXE programs with the Win32 system call, "CreateProcess". But I don't think that was your question...
I think you want to know how to manually load code from a binary into a running process (and have it run on a dedicated thread). Most developers just call LoadLibrary/GetProcAddress to map a DLL into the process space and CreateThread to launch a thread.
So I think what you are basically asking, "how do I implement the core component of the kernel and OS known as the loader?" Or put another way, "how do I implement CreateProcess and LoadLibrary myself?"
The OS loader does more than just parse binary files into memory and set the instruction pointer to the first line of code. It also loads other dependent DLLs. Because the process may already have allocated other code to run at the target address that the DLL was compiled to, it may also have to fix up the addresses of the DLL to load it at another address. I'm likely missing many other steps including virtual memory allocation for the binary code itself.
I do recommend looking at the Richter book for its sections on processes, threads, and DLLs. He discusses a bit of this and some details on parsing the PE format of DLLs.
Studying the Linux kernel implementation of how it loads .SO files into a process space may also be a worthwhile study.
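The answer above lists what the loader does beyond copying bytes: map each section at its virtual address, fix up addresses when the image cannot live at its preferred base, and resolve imports. The Python below is an added example, not code from the question or from any answer on this page; it parses the headers of a PE image and reports those loader-relevant facts without executing anything: preferred ImageBase, entry point, section layout with an RVA-to-file-offset mapping, and whether a base-relocation table is present so the image could be rebased at all. The function names (`parse_pe`, `rva_to_file_offset`, `build_sample_pe`) and the in-memory sample image are constructed for this example; the struct offsets follow the PE/COFF specification.

```python
"""Read the PE headers a loader consults before mapping an image (added example)."""
import struct
from typing import Optional

# Constants from the PE/COFF specification
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS = 0x10B, 0x20B
DIR_IMPORT, DIR_BASERELOC = 1, 5  # indexes into the DataDirectory array


def parse_pe(data: bytes) -> dict:
    """Return the header facts a loader needs; raises ValueError on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == OPT_MAGIC_PE32:          # 32-bit layout: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == OPT_MAGIC_PE32PLUS:    # 64-bit layout: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    section_align = struct.unpack_from("<I", data, opt + 32)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(ndirs)]

    sections = []
    sec_off = opt + opt_size  # section table follows the optional header
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_size": rawsize, "raw_pointer": rawptr, "characteristics": flags})

    # An image can only be moved away from ImageBase if it carries a relocation table.
    has_reloc_dir = ndirs > DIR_BASERELOC and dirs[DIR_BASERELOC][0] != 0
    has_import_dir = ndirs > DIR_IMPORT and dirs[DIR_IMPORT][0] != 0
    return {
        "machine": machine, "is_pe32plus": magic == OPT_MAGIC_PE32PLUS,
        "image_base": image_base, "entry_rva": entry_rva, "entry_va": image_base + entry_rva,
        "section_align": section_align, "size_of_image": size_of_image,
        "aslr_opted_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "has_imports": has_import_dir,
        "can_rebase": has_reloc_dir and not (characteristics & IMAGE_FILE_RELOCS_STRIPPED),
        "sections": sections,
    }


def rva_to_file_offset(pe: dict, rva: int) -> Optional[int]:
    """Map an RVA to the file offset holding its bytes; None if it has no backing data."""
    for s in pe["sections"]:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            delta = rva - s["virtual_address"]
            return s["raw_pointer"] + delta if delta < s["raw_size"] else None
    return None


def build_sample_pe(strip_relocs: bool = False) -> bytes:
    """Constructed 32-bit PE headers with a .text and a .reloc section (sample input)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    chars = 0x0102 | (IMAGE_FILE_RELOCS_STRIPPED if strip_relocs else 0)  # EXECUTABLE_IMAGE | 32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, OPT_MAGIC_PE32)
    struct.pack_into("<I", opt, 16, 0x1000)       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)   # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)       # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)        # FileAlignment
    struct.pack_into("<I", opt, 56, 0x3000)       # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)        # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)            # Subsystem: console
    struct.pack_into("<H", opt, 70, 0 if strip_relocs else IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    if not strip_relocs:
        struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, 0x2000, 0x10)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    reloc = struct.pack("<8sIIIIIIHHI", b".reloc", 0x10, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0x42000040)
    return (dos + b"PE\0\0" + coff + bytes(opt) + text + reloc).ljust(0x600, b"\0")


if __name__ == "__main__":
    for stripped in (False, True):
        pe = parse_pe(build_sample_pe(strip_relocs=stripped))
        print(f"ImageBase={pe['image_base']:#x} entry={pe['entry_va']:#x} "
              f"can_rebase={pe['can_rebase']} sections={[s['name'] for s in pe['sections']]}")
```

Point this at a real file by replacing the sample with `open(path, "rb").read()`. The `can_rebase` flag is the question the answer raises: an image with no relocation table can only be mapped at its ImageBase, and if that range is already in use in the host process the loader has no way to fix it up.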
An executable always runs as a separate process. It cannot be made to run in a thread of some other process. However you can run your executable as a process from a thread of some other process. Have a look at the CreateProcess() function!
Since I personally don't like answers that say "why do you even want to do this?", here is a link that would be very helpful. But do be warned that you'll probably not succeed, since EXEs simply don't expect to be run in a thread of another process.