DLL injection: execute CreateRemoteThread with a parameter

I wrote a DLL injection program that works fine. It loads the DLL into a remote process and calls some function. Now I want to pass an argument to this function. CreateRemoteThread has an lpParameter for this, but how do I get the passed argument inside the DLL so that I can use it in a function?

Update: the DLL entry point is generic:

BOOL APIENTRY DllMain( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)

Dll contains only one function with the following prototype:

void TestFunction(const char* ua);

The code that calls this function:

CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)((void*)codecaveExecAddr), (LPVOID)argumentAddress, 0, NULL);

As you can see, I am trying to pass the string "test" into TestFunction. But when I check the ua argument inside TestFunction, it contains garbage.

Here are all the project files:
http://pastebin.com/gh4SnhmV
http://pastebin.com/Sq7hpSVx
http://pastebin.com/dvgXpUYz

UPDATE 2
Does TestFunction have to have a specific prototype, or can I use any one as long as it only has one parameter of type LPVOID? I am embarrassed. Can anyone give me an example of how to call a function in an injected DLL with some argument?

+2

1 answer

You need to allocate the data in the memory of the other process. To do this, use the VirtualAllocEx function, which returns an address in that process's memory; that is the address you pass to CreateRemoteThread.

CreateRemoteThread works exactly the same as CreateThread, except that it creates the thread in the remote process. Keep in mind that when you pass a pointer to an object in lpParameter, the remote thread, which runs in a different virtual address space, will try to access that address in its own address space.

+6
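As an added illustration from the defender's side (this is not code from the question or the answer): the sequence the answer describes, VirtualAllocEx, then WriteProcessMemory, then CreateRemoteThread into another process, is exactly the cross-process pattern endpoint telemetry keys on. The script below correlates a few constructed, Sysmon-style events (the key=value layout and field names are assumptions) per source/target process pair and flags the pair whose remote thread starts at an address with no backing module, as with the code cave in the question.

```python
"""Correlate constructed cross-process API events into an injection alert."""
from collections import defaultdict

# Constructed sample events (not real telemetry). Field names are modelled loosely on
# Sysmon Event ID 8 (CreateRemoteThread) plus two assumed API-trace lines.
SAMPLE_EVENTS = [
    "t=1 api=VirtualAllocEx src=4120 srcimg=injector.exe dst=3308 dstimg=notepad.exe prot=PAGE_EXECUTE_READWRITE size=4096",
    "t=2 api=WriteProcessMemory src=4120 srcimg=injector.exe dst=3308 dstimg=notepad.exe size=4096",
    "t=3 api=CreateRemoteThread src=4120 srcimg=injector.exe dst=3308 dstimg=notepad.exe startmodule= startfunc=",
    "t=4 api=CreateRemoteThread src=900 srcimg=csrss.exe dst=3308 dstimg=notepad.exe startmodule=C:\\Windows\\System32\\ntdll.dll startfunc=RtlUserThreadStart",
    "t=5 api=VirtualAllocEx src=5000 srcimg=debugger.exe dst=5000 dstimg=debugger.exe prot=PAGE_READWRITE size=65536",
]

def parse_event(line):
    """Split a 'k=v k=v' line into a dict; empty values such as 'startmodule=' are kept."""
    return dict(token.split("=", 1) for token in line.split())

def classify_pair(events):
    """Score the events one source process sent to one target. Returns (score, reasons)."""
    score, reasons = 0, []
    if any(e["api"] == "VirtualAllocEx" and "EXECUTE" in e.get("prot", "") for e in events):
        score += 1; reasons.append("executable memory allocated in remote process")
    if any(e["api"] == "WriteProcessMemory" for e in events):
        score += 1; reasons.append("memory written into remote process")
    for e in events:
        if e["api"] == "CreateRemoteThread":
            score += 1; reasons.append("remote thread created")
            if not e.get("startmodule"):   # start address not inside any loaded module
                score += 1; reasons.append("thread starts in unbacked memory (code cave)")
    return score, reasons

def find_injections(lines, threshold=3):
    """Group cross-process events by (src, dst) and return alerts scoring >= threshold."""
    by_pair = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev["src"] != ev["dst"]:          # a process allocating in itself is not injection
            by_pair[(ev["src"], ev["dst"])].append(ev)
    alerts = []
    for (src, dst), evs in by_pair.items():
        score, reasons = classify_pair(evs)
        if score >= threshold:
            alerts.append({"source": f"{evs[0]['srcimg']} ({src})",
                           "target": f"{evs[0]['dstimg']} ({dst})",
                           "score": score, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_injections(SAMPLE_EVENTS):
        print(alert)
```

The benign csrss.exe thread (backed by ntdll.dll) and the debugger's self-allocation score below the threshold, so only the injector/notepad pair is reported.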