Question on CopyFunction()

delphi package - getting into other processes

Question on CopyFunction()

Postby Patrick » Tue Mar 08, 2005 1:09 pm

I copy a function with code like this in it:

Code: Select all
   __asm {

      push 0
      push dword ptr [0x654321]
      mov eax,0x123456
      call eax
   }


Works perfect with normal DLL injection, but if i call the function
with CopyFunction() & CreateRemoteThreadEx the app crash. Is there anything i can do to make this work?

I would buy a full package ASAP if i could get this to run like i want lol. btw GREAT job :)
Patrick
 
Posts: 2
Joined: Tue Mar 08, 2005 12:56 pm

Postby madshi » Wed Mar 09, 2005 8:23 am

What is that function supposed to do? Are you sure that you can access 0x654321 in the other process? And are you sure that there's a function at 0x123456 which you can call?
madshi
Site Admin
 
Posts: 9339
Joined: Sun Mar 21, 2004 5:25 pm

Postby Patrick » Wed Mar 09, 2005 10:40 am

Solved it with the standart NT API functions. The problem is I normally code in FASM/MASM32. Looks like the VS2003 __asm support is just shit, it wasnt a CopyFunction() problem.

Could it be that CopyFunction() is writting a lot of overhead into the targets memory or does your AllocEx function allocate memory near the .CODE section?

Anyway GREAT job.
Patrick
 
Posts: 2
Joined: Tue Mar 08, 2005 12:56 pm

Postby madshi » Wed Mar 09, 2005 12:07 pm

Patrick wrote:Could it be that CopyFunction() is writting a lot of overhead into the targets memory

No, it just copies the function and nothing more.

Patrick wrote:or does your AllocEx function allocate memory near the .CODE section?

No, it allocates near 0x5f000000 (in the NT family).
madshi
Site Admin
 
Posts: 9339
Joined: Sun Mar 21, 2004 5:25 pm


Return to madRemote

Who is online

Users browsing this forum: No registered users and 1 guest