I wrote dll injection program that works just fine. It loads dll into remote process and calls some function. Now i want to pass argument to that function. CreateRemoteThread has lpParameter for that, but how to get that passed argument inside dll to use it in function?
Update:
dll entry point is common:
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
Dll contains only one function with following prototype:
void TestFunction(const char* ua);
Code that calls that function is:
CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)((void*)codecaveExecAddr), (LPVOID)argumentAddress, 0, NULL);
As you can see i try to pass "test" string inside TestFunction. But then i check ua argument inside TestFunction it contains some trash.
Here are the whole project files:
http://pastebin.com/gh4SnhmV
http://pastebin.com/Sq7hpSVx
http://pastebin.com/dvgXpUYz
UPDATE 2
Should TestFunction have some specific propotype or i can use any as long as it has only one parameter of LPVOID type? I'm confused. Can anyone give me an example of how to call injected dll's function with some argument?
You need to allocate the data inside the other process' memory. For that, use the VirtualAllocEx function which will return the address in the other process memory, that you pass to CreateRemoteThread.
CreateRemoteThread works exactly the same way as CreateThread, except that it creates the thread in the remote process. One thing to keep in mind is that when you are passing a pointer to an object in lpParameter the remote thread, which is running in a different virtual address space will try to access that address in that address space.
来源:https://stackoverflow.com/questions/6582096/dll-injection-execute-createremotethread-with-parameter