Hi,
is there a way to call subroutines in other processes?
I mean how can I call a subroutine in another running program at location 4125B6 (for instance) ?
Many thanks,
MrSmith
P.S. Example code would be great.
is there a way to call subroutines in other processes?
I mean how can I call a subroutine in another running program at location 4125B6 (for instance) ?
Many thanks,
MrSmith
P.S. Example code would be great.
You can not call directly a subroutine in a remote process.
You can get the process handle of a remote process, then read/write to
that process, change values in its context.
If you know where is the routine in the remote process, you could intend
to change the value in the EIP of the remote process that you have attach it
as a debuggee. If you set the EIP register at the value of that address,
in the context of the remote process, then it will execute the instruction
that is there. But you can not pass any parameters nor get any return value.
But is possible share data between remote process through some methods.
Read the Iczelion tutorials about the debugging win32 api: 28, 29, 30; and
any article about sharing data between process, like:
http://spiff.tripnet.se/~iczelion/mmf.txt
regards
You can get the process handle of a remote process, then read/write to
that process, change values in its context.
If you know where is the routine in the remote process, you could intend
to change the value in the EIP of the remote process that you have attach it
as a debuggee. If you set the EIP register at the value of that address,
in the context of the remote process, then it will execute the instruction
that is there. But you can not pass any parameters nor get any return value.
But is possible share data between remote process through some methods.
Read the Iczelion tutorials about the debugging win32 api: 28, 29, 30; and
any article about sharing data between process, like:
http://spiff.tripnet.se/~iczelion/mmf.txt
regards
You just have to inject your code in target process and call desired subroutine from remote process itself.
Under NT clone it's easy to inject dll in any process through CreateRemoteThread trick.
The attached ex just finds Calculator process and injects dll into it.
Injected dll shows MessageBox with calculator's PID and unloads itself.
IIRC, CreateRemoteThread is also implemented in ME, but under 9x you need some other tricks.
You can find much info about dll/code injection. Just google.
Or simply use ApiHooks by EliCZ,
http://www.anticracking.sk/EliCZ/
Under NT clone it's easy to inject dll in any process through CreateRemoteThread trick.
The attached ex just finds Calculator process and injects dll into it.
Injected dll shows MessageBox with calculator's PID and unloads itself.
IIRC, CreateRemoteThread is also implemented in ME, but under 9x you need some other tricks.
You can find much info about dll/code injection. Just google.
Or simply use ApiHooks by EliCZ,
http://www.anticracking.sk/EliCZ/