c++ - Remote Injection -
so, i'm injecting code in memory of process this:
void remoteinj::executefunction(dword start, dword end, dword entry, remoteargs* args) { unsigned long id; int size = end - start; cout << size << endl; void* func = virtualallocex(hprocess, null, size+10, mem_commit, page_execute_readwrite); void* ep = (void*)(entry-start+(dword)(func)); writeprocessmemory(hprocess, func, (void*)start, size, null); void* data = virtualallocex(hprocess, null, sizeof(remoteargs)+1, mem_commit, page_readwrite); writeprocessmemory(hprocess, data, (void*)args, sizeof(remoteargs), null); cout << hex << func << endl; cout << "function: 0x" << hex << start << endl << "end: 0x" << hex << end << endl; system("pause"); createremotethread(hprocess, null, null, (lpthread_start_routine)ep, data, null, null); closehandle(hprocess); }
my problem is: if use calls in thread, example:
void f(remoteargs* arg) { while (true) { arg->psleep(50); //works sleep(50); //doesnt work } return; }
no need explain why doesn't work, know, it's process....my question is: there way make function this(sleep()) work, try importing process iat proper distance, have better idea?thanks!
as suspect, reason doesn't work right off bat call sleep in process goes location in import address table (iat) has jump real sleep implementation in kernel32.dll. though other process imports kernel32.dll (all processes do), not have identical iat.
there ways, none know of trivial.
Comments
Post a Comment