Page 1 of 1

File copy in RemoteExecute

PostPosted: Fri Nov 28, 2008 3:02 pm
by mitzi
i'm trying to copy any file in context of another process, but affected process crashes on remote execute.
Here's code:

Code: Select all
program RemoteTest;

uses Windows, SysUtils, madRemote, madKernel;

type
  PParameters = ^TParameters;
  TParameters = record
    Source,
    Dest: array[0..MAX_PATH] of char;
  end;

function Execute(buffer: pointer) : dword; stdcall;
var
  CopyBuffer: array[0..4095] of Byte;
  BytesCopied: Longint;
  Source,Dest: Integer;
begin
  Result:=0;
  Source:=Integer(CreateFile(PParameters(buffer)^.Source,GENERIC_READ,0,nil,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0));
  Dest:=Integer(CreateFile(PParameters(buffer)^.Dest,GENERIC_READ or GENERIC_WRITE,0,nil,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0));
  if (Dest<>INVALID_HANDLE_VALUE) and (Source<>INVALID_HANDLE_VALUE) then
    try
      repeat
        BytesCopied:=FileRead(Source,CopyBuffer,SizeOf(CopyBuffer));
        if BytesCopied>0 then
          FileWrite(Dest,CopyBuffer,BytesCopied);
        Inc(Result,BytesCopied);
      until BytesCopied<SizeOf(CopyBuffer);
    finally
      CloseHandle(Dest);
      CloseHandle(Source);
    end;
end;

function DoRemoteExecute(processHandle: dword) : string;
var
  dummy: dword;
  params: TParameters;
begin
  StrPCopy(@params.Source,'sourcefile');
  StrPCopy(@params.Dest,'destfile');
  if RemoteExecute(processHandle, @Execute, dummy, @params, SizeOf(params)) then
    Result:=IntToStr(dummy)
  else
    Result:='';
end;

var
  ph: dword;
begin
  ph:=Process('any.exe').GetHandle(PROCESS_ALL_ACCESS).Handle;
  MessageBox(0,PChar(DoRemoteExecute(ph)),'RemoteTest',0);
end.


Where's problem? Can anybody help me?

PostPosted: Fri Nov 28, 2008 3:13 pm
by Nico Bendlin
FileRead/FileWrite are RTL functions (in your process). You should only use API functions (ReadFile/WriteFile).

The function which you want to have executed in the other process needs to follow some rules. Please read the documentation of CopyFunction to learn more about those rules.

PostPosted: Fri Nov 28, 2008 8:21 pm
by mitzi
well that's it. And try..finally...end caused crash too. Thanx Nico.

PostPosted: Sat Nov 29, 2008 10:17 am
by mitzi
Is any chance to use RemoteExecute with System (PID=4) process? I tried it but RemoteExecute returns false and code is not executed.

PostPosted: Sat Nov 29, 2008 11:06 am
by iconic
No chance of it as this is an atypical process and will not work with madCodeHook.

--Iconic