예제 #1
// Stages a DLLMAINCALL argument record and a byte copy of DllMainWrapper in two
// areas obtained from alloc(), then starts the copied wrapper through
// runInHiddenThread() with the address of the record as its argument.
//
// lpModuleEntry        entry point stored in the record (cast to DLLMAIN)
// hModule              module handle stored in the record
// ul_reason_for_call   reason code stored in the record
// lpReserved           reserved pointer stored in the record
//
// Review context: allocate + write + start-a-thread on copied code is the
// sequence that endpoint tooling watches for (cross-process memory writes,
// threads whose start address lies in private, non-image memory).
//
// NOTE(review): the protection and location of the memory returned by alloc()
// are not visible here; presumably it lives in the process this object
// represents and is executable for the wrapper copy -- confirm.
// NOTE(review): both MemoryArea objects are locals. Whether their destructor
// releases the memory, and whether runInHiddenThread() waits for the thread,
// is not visible here; if it frees and does not wait, the thread would run on
// released memory -- confirm.
void Process::remoteDllMainCall(LPVOID lpModuleEntry, HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
	// Wrapper length is the distance between its start and end marker symbols.
	// NOTE(review): this relies on DllMainWrapper_end being laid out directly
	// after DllMainWrapper, which the language does not guarantee -- confirm
	// against the build configuration.
	const SIZE_T wrapperBytes = (SIZE_T)DllMainWrapper_end - (SIZE_T)DllMainWrapper;

	// Argument record: entry point followed by the three DllMain arguments.
	struct DLLMAINCALL callArgs = { (DLLMAIN)lpModuleEntry, hModule, ul_reason_for_call, lpReserved };

	// One area for the record, one for the code; the same byte count is used
	// for allocating and for filling the code area.
	MemoryArea param          = alloc(sizeof(callArgs));
	MemoryArea dllCallWrapper = alloc(wrapperBytes);

	param.write((LPCVOID)&callArgs, sizeof(callArgs));
	dllCallWrapper.write((LPCVOID)DllMainWrapper, wrapperBytes);

	LPTHREAD_START_ROUTINE wrapperEntry = (LPTHREAD_START_ROUTINE)dllCallWrapper.address();
	runInHiddenThread(wrapperEntry, param.address());
}
예제 #2
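// Uploads the funclet of the requested type to offset 0 of the memory area
// named "system" and then syncs that area.
//
// type     selects which funclet parent->getFunclet() returns
// returns  true only if the "system" area exists and both write() and sync()
//          report success; false otherwise
//
// NOTE(review): the funclet bytes are executed-code material for the target;
// this function performs no integrity or size check against the area, so it
// trusts getFunclet() and write() to enforce bounds -- confirm in MemoryArea.
bool MemoryManagerV3::uploadFunclet(FuncletCode::Type type)
{
	const FuncletCode& funclet = parent->getFunclet(type);
	const uint8_t* const code = (const uint8_t*)funclet.code();
	const size_t count = funclet.codeSize();

	// Each funclet byte becomes its own 32-bit element, so `count` is both the
	// byte count of the funclet and the element count passed to write().
	// NOTE(review): presumably write() expects one byte value per uint32_t
	// element -- confirm against MemoryArea::write.
	vector<uint32_t> tmp(code, code + count);

	MemoryArea* ram = this->getMemoryArea("system", 0);
	if (!ram)
		return false;

	// Indexing element 0 of an empty vector is undefined behaviour, so a
	// zero-length funclet is passed on as a null buffer with count 0.
	uint32_t* const data = tmp.empty() ? 0 : &tmp[0];

	return ram->write(0, data, count) && ram->sync();
}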
예제 #3
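// Loads the library `lib` into the process this object represents by copying
// its path into memory obtained from alloc() and running LoadLibraryW on that
// path through runInHiddenThread().
//
// lib      library to load; its path() supplies the wide-character file name
// returns  the result of isInjected(lib) evaluated after the call
// throws   ex_injection if the library is already reported as injected, or if
//          the address of LoadLibraryW cannot be resolved
//
// Review context: this is the LoadLibrary-through-a-remote-thread pattern.
// Defenders usually observe it as a cross-process allocation and write, a
// thread whose start address is LoadLibraryW, and a following image load
// (for example Sysmon events 8 and 7), which makes it a useful test case for
// detection rules.
//
// NOTE(review): the thread's exit code is discarded, so a failed load is only
// noticed through the final isInjected() check.
Module Process::inject(const Library& lib)
{
	if (isInjected(lib))
		BOOST_THROW_EXCEPTION(ex_injection() << e_text("library already in process") << e_library(lib.path()) << e_process(*this));

	// Copy the path name, including its terminating null, to the remote process.
	// NOTE(review): write() is called without a length; presumably it copies
	// the size of the area (libPathLen) -- confirm in MemoryArea::write.
	SIZE_T libPathLen = (lib.path().wstring().size() + 1) * sizeof(wchar_t);
	MemoryArea libFileRemote = alloc(libPathLen, true, MEM_COMMIT, PAGE_READWRITE);
	libFileRemote.write((void*)(lib.path().c_str()));

	// NOTE(review): the address comes from Module::kernel32(), which looks like
	// the module of the calling process; it is only meaningful in the target if
	// both processes share architecture and module base -- confirm.
	PTHREAD_START_ROUTINE loadLibraryW = (PTHREAD_START_ROUTINE)Module::kernel32().getProcAddress("LoadLibraryW");

	// Starting a thread at a null address would crash the target process, so
	// fail here with the same exception type used above.
	if (!loadLibraryW)
		BOOST_THROW_EXCEPTION(ex_injection() << e_text("could not resolve LoadLibraryW") << e_library(lib.path()) << e_process(*this));

	/*DWORD exitCode =*/ runInHiddenThread(loadLibraryW, libFileRemote.address());

	return isInjected(lib);
}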