Interesting - I was wrong, then :stupid:

I was under the belief that all DLLs were located in shared memory... so this is only true for system DLLs? Hmm.
Posted on 2004-02-04 14:48:56 by f0dder
What about DLLs with a shared section? For example, for hooking (SetWindowHook)
Posted on 2004-02-04 15:20:51 by comrade
Those are still loaded at low addresses. They may even be placed at different addresses in different memory contexts.
Posted on 2004-02-04 15:35:15 by Sephiroth3
Well, this was the topic I was searching for for a long period. But not many have an idea on "How to work in injected code?".
OCY's home page speaks well on this subject.
We need to get permission to copy the code and write it in the memory.
Matt Pietrek had figured out some constants for the use of it. Also, there is an undocumented kernel function
"VxDCall4" (it's not that 'VxDCall0' - f0dder asked before).
The following URL contains a simple MessageBoxA() API hack
and also a nice "Win9x API Hooking.doc" file on memory copying and writing. Read it and explore...

http://www.geocities.com/chuonyuen_ooi/files/MsgboxHack.zip

The site also had an EXCELLENT Winsock32.dll hooking program, which would log all the sending & receiving functions as well as the GetHostByName() API hack. So check this out too...

http://www.geocities.com/chuonyuen_ooi/files/IntHook2.zip

Anyway, I am still ignorant on how to call a separate procedure from that injected code.
I raised the problem earlier in the forum, but didn't get a satisfactory reply.
I hope someone would get a better understanding from the above URLs.
Posted on 2004-02-04 22:55:55 by zakham