c# - Call function inside another process which is not written in .NET -

-

I want to call the function inside another process and send 1 argument through createremotethread.

Now, I can do this by sending inline ASM, but I do not know enough assembly to do this way. Besides, I have no access to the remote process source code.

I was thinking about using: 

  [Layout layout (layoutcind.Security, Pack = 1)] Public Structure Remothed Papers [[Marshal AS (Unmanaged Type I 4)] Public Entry Paramma 1; [Marshall AS (UnmanagedType.I4)] Public Entry Paramma 2; }   
 But what I think, the remote process should know how to handle it.  
 Is there an easy way to send 1 argument in a remote process that does not include any assembly?  
 EDIT:  
 In the same way I am trying to solve it at this time but I get a memory exception and I do not really understand what I am doing wrong.  
 We have a PTR function in 0x64D480 in the remote process, it is assembly taken from the IDA supporter.  
  // function passed the PTR IS 0x64D480 .text: 0064D480 sub_64D480 proc; Code XREF: sub_4DA7F0 + 3Ap. Text: 0064D 480; Sub-64D 550 + BP ... .text: 0064d 480. Text: 0064D 480 var_C = dword ptr -0CH // arg1. Text: 0064de 480 arg_0 = dword ptr 4 // arg2 .text: 0064D480 Text: 0064D440 Push ESI. Text: 0064 D 481 push edi .text: 0064D482 mov edi, [esp + 8 + arg_0] .text: 0064D486 push edi .text: 0064D487 mov esi, ecx .text: 0064D489 call sub_64D330 .text: 0064D48E test al, al Text: 0064D490 jnz short loc_64D497 .text: 0064D492 pop edi .text: 0064D493 pop esi .text: 0064D494 retn 4   
 It is not possible to call the function like this:  
  [Layout layout (Sequik, Pack = 1)] Public structure RemoteThethreads [[Marshal AS (Unmanaged type I4)] Public int paragraph 1; [Marshall AS (UnmanagedType.I4)] Public Entry Paramma 2; } Allocate some basic HAP memory in your process to store zero data function (IntPtr _functionPtr, RemoteThreadParams _parameters) {// Parameter Data IntPtr iptrtoparams = Marshal.AllocHGlobal (Marshal.SizeOf (_parameters)); // Simply Marshall to copy the data into its structure in the original stack memory. Allocated structures (_parameters, iptrtoparams, false); // Use to allocate "committed" memory which is proprietary to other processes INTPtr iptrremoteallocatedmemory = VirtualAllocEx (this.handle, IntPtr.Zero, (uint) Marshall. SizeOf (_parameters), allocation type. Commit, MemoryProtection. ExecuteReadWrite); UIintPtr bytes return = UIntPtr.Zero; // Copy the local process memory to the memory of the remote processProcess Memory (This Handle, IPTermotocorted Memoriri, IPTroparmum, (UIT) Marshall. Size (_Permatories), Written Out bytes); // Marshall Free Free Memory FreeHejlobal (Iptroprom); // In case of thread id and return value, we need it for later iTradID; UIT return value = 0; IntPtr hThread = CreateRemoteThread (this.handle, IntPtr.Zero, 0, _functionPtr, IPTroparm, 0, iThreadId outside); WaiterSyncingAbject (HTHread, 0xFFFFFFFF); GetExitCodeThread (hThread, exit return value); CloseHandle (hThread); CloseHandle (this.handle); }   
 
 
 There is no easy way to make it the easiest way to do this: LoadLibrary is done with  and sansge code. You need two versions: 32-bit DLL and 64-bit DLL, you choose which process to be injected on the basis of "BCCT".  
  CreateRemoteThread (....., address load library, "location of your unmanaged DLL");   
 When you receive the reference on the Internet at Google  C # CreateRemoteThread LoadLibrary .  
 After that, you want the Custom Dell call function:  
  #include "stdafx.h" typefiff zero (__stdcall * MyCustomFunc) (int param1, int param2 ); BOOL APIENTRY DllMain (HMODULE HModule, DWORD ul_reason_for_call, LPVOID lpReserved) {switch (ul_reason_for_call) {case DLL_PROCESS_ATTACH: {// This code is executed voluntarily. // This is just a test, // you are doing better by writing a different function in a DLL // and exporting it, so that you can call it later from C #, once DLL can be injected is. MyCustomFunc test = 0x64D480; Test (2, 4); } Case DLL_THREAD_ATTACH: Case DLL_THREAD_DETACH: Case DLL_PROCESS_DETACH: Break; } Return TRUE; }   
 ps, you also need  Freelbury , if necessary call calling is also important for getting the right I am going to an organ here, and I say that it looks like __stdcall, but see it __cdecl, or __fastcall, or whatever may be: For more information.

Comments

Post a Comment

Popular posts from this blog

php - PDO bindParam() fatal error -

-
I am trying to learn PDO, now I have written this small code, but it gives me a serious error: < P> Fatal error: Call a member function at a non-object dot () ... $ con = new mysqli ("127.0.0.1", "root", "", "csvdangercheck"); $ Query = $ con- & gt; ("Id,` var1`, `var2`) values ​​(" id,: var1,: var2) ";); $ query- & gt; bypass pattern (': id', $ id); $ query- & gt; BindParam (': var1', $ VAL1); $ Query- & gt; bindParam (': var2', $ val2); $ Query-> Executed (); I Trying to use print_r ($ con-> errorInfo ()) but Fatal error: Undefined method mysqli :: errorInfo ( ) ... can someone tell me what am I missing? Flaffeh said, you have PDO Missing Mysqy, try it: $ con = new PDO ('mysql: host = 127.0.0.1; dbname = csvdangercheck', 'root', '');
Read more

logging - How can I log both the Request.InputStream and Response.OutputStream traffic in my ASP.NET MVC3 Application for specific Actions? -

-
For a specific set of tasks, I need to log in to the incoming request inputstream as well as outgoing response. is. I am using an ActionFilterAttribute for this and overriding the OnActionExecuted and OnResultExecuted methods. So I'm starting with this idea ... Public category ActionLoggerAttribute: ActionFilterArrbit {Public Override Zero On-Offed Execution (ActionActioned Contact Filter Filter) {base.OnActionAxecuted (FilterContext); HttpRequestBase request = filterContext.HttpContext.Request; // TODO: Log the request. InputStream} Public Override Zero OnResultExecuted (ResultExecutedContext FilterContext) {base.OnResultExecuted (filterContext); HTTPRPSPointBase Response = FilterContacts Hpptex response; // TODO: Log on Response.OutputStream}} Ideally I'll hook it up with enterprise library logging because I'm already using it for error logging. Am I reaching the input and output stream at the right time? Can I easily use the Enterprise Library to log i
Read more

java - Why my included JSP file won't get processed correctly? -

-
I am trying to create Java web framework (and learning), and on the basis of 'Code Generator In the process of making the material view of the database in the process of development, I stumbled into a difficulty, which I do not know how to solve it. First of all, I want the following index.jsp : & lt; Body & gt; Use all pages to be created. & Lt;% @ include file = "header.jsp"% & gt; & Lt; Hours / & gt; & Lt;% @ included file = "body.jsp"%> & Lt; Hours / & gt; & Lt;% @ include file = "footer.jsp"% & gt; & Lt; / Body & gt; And, in body.jsp , I should have it like this: & lt; Jsp: include page = "$ {Application_modul}"%> Where application_modul is an attribute defined in its controller: request.setAttribute ("application_modul", "USER_ACCOUNT \\ ' View_user_account.jsp "); This file can be found properly, but the processed JSP does
Read more