Question on CopyFunction()

delphi package - getting into other processes
Post Reply
Patrick
Posts: 2
Joined: Tue Mar 08, 2005 12:56 pm

Question on CopyFunction()

Post by Patrick »

I copy a function with code like this in it:

Code: Select all

	__asm {

		push 0
		push dword ptr [0x654321]
		mov eax,0x123456
		call eax
	}
Works perfect with normal DLL injection, but if i call the function
with CopyFunction() & CreateRemoteThreadEx the app crash. Is there anything i can do to make this work?

I would buy a full package ASAP if i could get this to run like i want lol. btw GREAT job :)
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

What is that function supposed to do? Are you sure that you can access 0x654321 in the other process? And are you sure that there's a function at 0x123456 which you can call?
Patrick
Posts: 2
Joined: Tue Mar 08, 2005 12:56 pm

Post by Patrick »

Solved it with the standart NT API functions. The problem is I normally code in FASM/MASM32. Looks like the VS2003 __asm support is just shit, it wasnt a CopyFunction() problem.

Could it be that CopyFunction() is writting a lot of overhead into the targets memory or does your AllocEx function allocate memory near the .CODE section?

Anyway GREAT job.
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Patrick wrote:Could it be that CopyFunction() is writting a lot of overhead into the targets memory
No, it just copies the function and nothing more.
Patrick wrote:or does your AllocEx function allocate memory near the .CODE section?
No, it allocates near 0x5f000000 (in the NT family).
Post Reply