I know about problems with threads, etc., which can cause its dangers, but I need to know how to do this for the safety project that I do at school. I need to know how to call a function in the remote address space of this calling convention with arguments - it is advisable to restore the data that the deleted function returned, although it really does not need me to do this.
If I can get the specification from the prototype of the remote function function at compile time, I can get this method to work. I need to know how large the arguments are and if the arguments are explicitly declared as pointers or not(void*, char*, int*, etc...)
Ie if I define a function prototype, for example:
typedef void (__cdecl *testFunc_t)(int* pData);
I need, at compile time, to get the size of the arguments, at least, and if I could, which ones are pointers or not. Here we assume that the remote function is a call to stdcallor _cdecl.
The IDE that I use is Microsoft Visual Studio 2007 if the solution is specific to a specific product.
Here is my plan:
Create a thread in a remote process using the CreateRemoteThreadfunction you want to call at the beginning, although I would do it in a paused state.
I would set the stack so that the return address is the address of the stub of the code allocated inside the process that would call ExitThread(eax)- since it would output a thread with the return value of the function - I then restore it withGetExitCodeThread
- , .
, .
, , - , , . , PDB, , , . , , , , , .
:
,
typedef void (__cdecl testFunc_t) (int pData);
, (.. sizeof (int *). , , , :
template<typename T> unsigned long getPrototypeArgLength<T>()
{
}
getPrototypeArgLength<testFunc>()