Page 1 of 1

Question on CopyFunction()

Posted: Tue Mar 08, 2005 1:09 pm
by Patrick
I copy a function with code like this in it:

Code: Select all

	__asm {

		push 0
		push dword ptr [0x654321]
		mov eax,0x123456
		call eax
	}
Works perfect with normal DLL injection, but if i call the function
with CopyFunction() & CreateRemoteThreadEx the app crash. Is there anything i can do to make this work?

I would buy a full package ASAP if i could get this to run like i want lol. btw GREAT job :)

Posted: Wed Mar 09, 2005 8:23 am
by madshi
What is that function supposed to do? Are you sure that you can access 0x654321 in the other process? And are you sure that there's a function at 0x123456 which you can call?

Posted: Wed Mar 09, 2005 10:40 am
by Patrick
Solved it with the standart NT API functions. The problem is I normally code in FASM/MASM32. Looks like the VS2003 __asm support is just shit, it wasnt a CopyFunction() problem.

Could it be that CopyFunction() is writting a lot of overhead into the targets memory or does your AllocEx function allocate memory near the .CODE section?

Anyway GREAT job.

Posted: Wed Mar 09, 2005 12:07 pm
by madshi
Patrick wrote:Could it be that CopyFunction() is writting a lot of overhead into the targets memory
No, it just copies the function and nothing more.
Patrick wrote:or does your AllocEx function allocate memory near the .CODE section?
No, it allocates near 0x5f000000 (in the NT family).