/*******************************************************
This file is part of Process Monitor.
Copyright (c) 2004 by Michel van Kerkhof, ( michel000@planet.nl http://home.wxs.nl/~wijk0550/ )
For more information consult the Readme file.
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU
General Public License as published by the Free
Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU
General Public License along with this program;
if not, write to:
the Free Software Foundation, Inc.,
59 Temple Place,
Suite 330, Boston,
MA 02111-1307 USA
*******************************************************
If you like my work and you have a job for me please contact me at: michel000@planet.nl
*******************************************************/
#include "includes.h"
/*
Copy a buffer into another process: allocate a region in the target with
VirtualAllocEx and fill it with WriteProcessMemory. Returns the remote
address, which the caller releases with VirtualFreeEx(..., 0, MEM_RELEASE).
*/
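/*
 * InjectData - copy Size bytes from pData into a freshly allocated region of
 * hProcess.
 *
 * hProcess : handle to the target, opened with at least PROCESS_VM_OPERATION
 *            and PROCESS_VM_WRITE (what VirtualAllocEx/WriteProcessMemory need).
 * pData    : local buffer to copy.
 * Size     : number of bytes; must be > 0.
 *
 * Returns the remote base address, or NULL on any failure. On success the
 * caller owns the region and must release it with
 * VirtualFreeEx(hProcess, p, 0, MEM_RELEASE); on failure nothing is left
 * allocated in the target.
 */
void * InjectData(HANDLE hProcess,void *pData,int Size)
{
	// A zero request would still get a whole page from VirtualAllocEx and a
	// negative int would be converted to a huge unsigned size, so reject both.
	if (hProcess == NULL || pData == NULL || Size <= 0) {
		return NULL;
	}

	// PAGE_EXECUTE_READWRITE is required because RemoteThread stages the code
	// it jumps to through this same routine. RWX regions are a classic
	// injection indicator; a caller that only copies an argument block would
	// be better served by PAGE_READWRITE, but this function does not expose
	// the protection as a parameter.
	void *pRemoteData = VirtualAllocEx(hProcess, 0, Size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	if (pRemoteData == NULL) {
		return NULL;
	}

	DWORD dwNumBytes = 0;
	BOOL bWritten = WriteProcessMemory(hProcess, pRemoteData, pData, Size, &dwNumBytes);
	if (!bWritten || dwNumBytes != (DWORD)Size) {
		// Failed or short write: do not leave a half-filled RWX region behind
		// in the target (the original code leaked it here).
		VirtualFreeEx(hProcess, pRemoteData, 0, MEM_RELEASE);
		return NULL;
	}
	return pRemoteData;
}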
/*
Run a routine as a new thread inside another process: the code bytes and an
argument block are copied over, a remote thread is started on them, and the
thread's exit code is returned.
*/
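/*
 * RemoteThread - copy a routine and its argument block into hProcess and run
 * the routine there on a new thread.
 *
 * hProcess : target process; needs PROCESS_CREATE_THREAD in addition to the
 *            rights InjectData requires.
 * pProc    : local address of the routine to copy. Because the bytes are
 *            copied verbatim and jumped to, the routine must be
 *            self-contained: no calls or data references that resolve to the
 *            injector's address space (RemoteUnloadLib in this file reaches
 *            every API through function pointers in its argument block for
 *            exactly this reason).
 * SizeProc : number of code bytes to copy.
 * pData    : local argument block, passed to the routine as its single
 *            parameter after being copied.
 * SizeData : size of the argument block.
 *
 * Returns the thread's exit code, or (DWORD)-1 if injection, thread creation,
 * or the wait fails. Nothing is copied back from the remote argument block;
 * the exit code is the only result channel.
 */
DWORD RemoteThread(HANDLE hProcess,void *pProc,int SizeProc,void *pData,int SizeData)
{
	// Upper bound on how long the injected routine may run before we give up.
	enum { REMOTE_THREAD_TIMEOUT_MS = 2000 };

	// Stage the code first, then its argument block.
	void *pRemoteProc = InjectData(hProcess, pProc, SizeProc);
	if (pRemoteProc == NULL) {
		return (DWORD)-1;
	}
	void *pRemoteData = InjectData(hProcess, pData, SizeData);
	if (pRemoteData == NULL) {
		VirtualFreeEx(hProcess, pRemoteProc, 0, MEM_RELEASE);
		return (DWORD)-1;
	}

	DWORD dwThreadId = 0;
	HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
		(LPTHREAD_START_ROUTINE)pRemoteProc,
		pRemoteData, 0, &dwThreadId);
	if (hThread == NULL) {
		VirtualFreeEx(hProcess, pRemoteProc, 0, MEM_RELEASE);
		VirtualFreeEx(hProcess, pRemoteData, 0, MEM_RELEASE);
		return (DWORD)-1;
	}

	DWORD dwExit = (DWORD)-1;
	DWORD dwWait = WaitForSingleObject(hThread, REMOTE_THREAD_TIMEOUT_MS);
	if (dwWait == WAIT_OBJECT_0) {
		// The thread has finished, so its exit code is the routine's return
		// value and the pages it ran from can be released safely.
		if (!GetExitCodeThread(hThread, &dwExit)) {
			dwExit = (DWORD)-1;
		}
		VirtualFreeEx(hProcess, pRemoteProc, 0, MEM_RELEASE);
		VirtualFreeEx(hProcess, pRemoteData, 0, MEM_RELEASE);
	} else {
		// Timed out or the wait failed: the thread may still be executing
		// from pRemoteProc. Releasing those pages now (which the original
		// code did unconditionally) would crash the target process, so the
		// two small regions are deliberately leaked. The exit code would only
		// have been STILL_ACTIVE, so report failure instead.
		dwExit = (DWORD)-1;
	}
	CloseHandle(hThread);
	return dwExit;
}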
/*
Function to unload a DLL from a process.
This function is copied into the target process with WriteProcessMemory and
then executed with CreateRemoteThread, so it must be self-contained: every
API it needs is reached through the function pointers in the UNLOADDLL block
it receives, never through the injector's own imports.
CreateRemoteThread allows you to pass one parameter (same as CreateThread);
if you need more than one, pass a pointer to a struct and copy that struct
to the process as well.
*/
/*
 * RemoteUnloadLib - body of the thread that RemoteThread starts in the target.
 *
 * It executes as raw bytes copied from this module, so it must not touch
 * anything outside itself except through pData: GetModuleHandle and
 * LdrUnloadDll are invoked via the fGetModuleHandle / fLdrUnloadDll pointers
 * the injector filled in. szLibName is assumed to be a character array
 * embedded in UNLOADDLL (a pointer into the injector's address space would be
 * invalid here) -- confirm against the struct definition in includes.h.
 *
 * Each attempt looks the module up and asks the loader to drop one reference
 * to it, stopping as soon as the lookup fails (module gone) or the unload
 * reports an error. A bounded number of attempts keeps a DLL that is pinned
 * or repeatedly re-referenced from looping forever.
 *
 * Returns the module handle still mapped after the attempts, cast to DWORD
 * (a lossless round-trip only on 32-bit builds); 0/NULL means the DLL is no
 * longer loaded in the target.
 */
DWORD WINAPI RemoteUnloadLib(UNLOADDLL *pData)
{
	enum { MAX_UNLOAD_ATTEMPTS = 20 };

	for (int attempt = 0; attempt < MAX_UNLOAD_ATTEMPTS; ++attempt) {
		HMODULE hMod = pData->fGetModuleHandle(pData->szLibName);
		if (hMod == NULL) {
			break;  // lookup failed: the module is no longer mapped
		}
		if (pData->fLdrUnloadDll(hMod) != 0) {
			break;  // non-zero NTSTATUS from the loader: give up
		}
	}

	// Report what is still mapped; NULL tells the injector the unload worked.
	return (DWORD)pData->fGetModuleHandle(pData->szLibName);
}