Re: CreateRemoteThread in DLL
On Wed, 30 Jan 2008 12:54:01 -0800, Saul775
<Saul775@discussions.microsoft.com> wrote:
I've a question regarding CreateRemoteThread in a DLL I am creating.
I am trying to inject some code into a foreign process with the aid of a DLL.
I've created a project for the DLL. I have two functions in it.
BOOL WINAPI Test()
{
    return TRUE; // Don't do anything for now, just return TRUE
}

__declspec(dllexport) BOOL Inject()
{
    // For simplicity and brevity, I've removed error checking
    DWORD dwPID;
    GetWindowThreadProcessId(SomeHWnd, &dwPID);
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
    BYTE *pAddr = (BYTE *)VirtualAllocEx(hProcess, NULL, 1024, MEM_COMMIT,
                                         PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(hProcess, pAddr, (void *)&Test, 1024, NULL);
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
                                        (LPTHREAD_START_ROUTINE)pAddr, NULL, 0, NULL);
    ...
}
When I try to call the DLL function Inject() in my program,
CreateRemoteThread() always causes the foreign process to crash.
On the other hand, suppose I wrote this Inject() code in my MFC program,
which is an application and not a DLL. If I do it this way, the code works
correctly.
Why is it that if I hard code Inject() into my APPLICATION, the foreign
process does not crash; however, if I code Inject() into a DLL and have my
application call the Inject() function from the DLL, the FOREIGN process
crashes?
Thank you for the help.
No idea about the different behavior, but your function Test has the wrong
signature. It should be:
DWORD WINAPI Test(LPVOID lpParameter)
{
    return 1;
}
You can instrument Test with OutputDebugString and view the output with the
Sysinternals DebugView program. That should allow you to determine if you
even make it into Test.
--
Doug Harrison
Visual C++ MVP