Okay, I have one 'boolean' and two DLLs. I have a boolean in DLL one which I wanna set to true/false from DLL 2.

I use this file mapping code in both DLLs:


ShareMemSize equ 4096d
MemShareName db "_my_super_share_",0
hMap dd 0
StartMappedAddress dd 0

invoke CreateFileMapping, INVALID_HANDLE_VALUE, 0, PAGE_READWRITE,0,ShareMemSize,offset MemShareName
mov hMap,eax
invoke MapViewOfFile, hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0
mov StartMappedAddress,eax

I can set the boolean successfully to true/false in DLL one:

mov edi, OFFSET StartMappedAddress
cmp word ptr [edi], "1" ; the [edi] operand was lost in the forum's formatting; restored here


But from DLL two the EXE will crash :(

What did I do wrong?
Posted on 2004-06-07 15:15:53 by flapper
The problem is the OFFSET keyword, remove it and you'll be fine. That's because you're loading the address of the variable "StartMappedAddress" instead of its contents.
Posted on 2004-06-07 17:31:10 by QvasiModo
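An added example, not from the thread, of what the DLL-2 side looks like once the OFFSET bug is fixed and the usual checks are in place: it opens the section DLL 1 created by name, dereferences the view address held in StartMappedAddress (its contents, not its offset), reads the flag and releases everything. It assumes MASM32-style invoke with windows.inc, and that the flag is the first byte of the view (the thread's "1"/"0" convention).

```asm
; Added example (not the original poster's code): read the shared flag from DLL 2.
; Assumes MASM32 (invoke, .if/.endif) and that DLL 1 already created the section.
.data
MemShareName db "_my_super_share_",0
.data?
hMap dd ?
StartMappedAddress dd ?
.code
ReadSharedFlag proc
    push edi                                ; edi is callee-saved under stdcall
    ; open the existing named section rather than creating a second one
    invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, offset MemShareName
    .if eax == 0
        mov eax, -1                         ; DLL 1 has not created it, or access denied
        pop edi
        ret
    .endif
    mov hMap, eax
    invoke MapViewOfFile, hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0
    .if eax == 0
        invoke CloseHandle, hMap
        mov eax, -1                         ; mapping a view failed
        pop edi
        ret
    .endif
    mov StartMappedAddress, eax
    ; load the CONTENTS of the variable (the view's address), not OFFSET of the variable
    mov edi, StartMappedAddress
    movzx eax, byte ptr [edi]               ; flag byte written by DLL 1 ("1" or "0")
    push eax                                ; keep it across the cleanup calls
    invoke UnmapViewOfFile, StartMappedAddress
    invoke CloseHandle, hMap
    pop eax                                 ; returns the flag byte, or -1 on failure
    pop edi
    ret
ReadSharedFlag endp
```

Because the section is created with a NULL security descriptor, any process in the same session can open it by name, so treat the flag as untrusted input rather than a private variable.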
I know what the error is:

I'm injecting the first DLL into a process. But this process seems like it doesn't like it.

System.ExecutionEngineException, that's how the error is called. What can I do?
Posted on 2004-06-08 09:09:52 by flapper
It shouldn't matter unless you somehow goofed up some system structure... If it crashes when reading StartMappedAddress then maybe the DLL has ended up at another address than what you expected and there is no relocation information in the DLL. If you trace it in a debugger, I'm sure you'll find the bug in no time.
Is this for a Windows hook? If not, then there's no point in using a DLL. Instead you can just use VirtualAllocEx and WriteProcessMemory to get your code going.
Posted on 2004-06-08 10:57:42 by Sephiroth3
Could you give me an example of doing that with VirtualAllocEx, WriteProcessMemory?
Posted on 2004-06-08 12:47:37 by flapper
This is the general idea of how you do it...


push PAGE_EXECUTE_READWRITE
push MEM_COMMIT
push totalsize ; size of code + vars
push 0
push hProcess ; handle to the process
call VirtualAllocEx
push eax
push 0
push codesize ; size of code
push CodeToInsert
push eax
push hProcess
call WriteProcessMemory
pop eax ; if you want to create a new thread instead, skip the rest and use CreateRemoteThread
mov ecx,HookAddress ; Address in target process to insert a call
sub eax,ecx
sub eax,5
rol eax,8
push eax
mov al,0xe8
push eax
mov edx,esp
push 0
push 5
push edx
push ecx
push hProcess
call WriteProcessMemory
pop eax
pop eax
Posted on 2004-06-08 17:42:31 by Sephiroth3