Tuts 4 You

Communication


Scale


What is the best option to send strings from 1 program to the other?

At first I was simply reading the memory, but on restart the address changes.

Thanks a lot!


Remote threads and dll injections are good for that purpose, I'd say. The code in the remote thread could store the string inside a buffer of the original program, but that depends on whether you got control over the original app or not.

Remote threads and dll injections are good for that purpose, I'd say. The code in the remote thread could store the string inside a buffer of the original program, but that depends on whether you got control over the original app or not.

So if I understand correctly, your idea would be to hook the function and write the strings to an address which is always the same?

I was thinking DLL injection + detouring as well, but the only example of that I have seen was C++ and I only know C# and ASM.

Let's google if there are any C# detouring classes.

Thanks for the tip!


Yep. Another way would be doing all this stuff remotely - allocate some buffer (VirtualAllocEx), write some strings there (WriteProcessMemory) and do whatever you'd like to (like changing some particular string reference to a reference to your newly allocated buffer, using VirtualProtectEx and WriteProcessMemory).

Think of some ways and find the one that suits best for your current situation.

Good luck.


This is a good example of how crackers think :) There are standardized ways of inter-process communication, which are in my opinion preferable to writing to another process's memory, which always leaves risks. For example pipes, .NET remoting, TCP or semaphores. Coding with low-level procedures will give you nice insight into how processes work under the hood, but reading on IPC is better for developing.

http://en.wikipedia.org/wiki/Inter-process_communication

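As an added example of the standardized IPC this reply recommends (this is not code from the thread or from any of its posters), here are the two sides of a named-pipe exchange in C#, since that is the language the original poster knows. The pipe name "tuts4you_demo", the method names RunServerAsync/RunClientAsync and the sample strings are my own choices; both halves run inside one process only so that the sample is self-contained, whereas in the thread's scenario each side is its own executable.

```csharp
// Added example: passing strings between two programs over a named pipe
// instead of reading or writing the other program's memory.
// Assumes .NET with System.IO.Pipes; the pipe name below is an arbitrary, constructed value.
using System;
using System.IO;
using System.IO.Pipes;
using System.Threading.Tasks;

class PipeDemo
{
    const string PipeName = "tuts4you_demo"; // constructed; any unique name works

    // Side A: the program that owns the strings (the hooked app in the thread's setup).
    static async Task RunServerAsync(string[] messages)
    {
        using var server = new NamedPipeServerStream(PipeName, PipeDirection.Out, 1,
            PipeTransmissionMode.Byte, PipeOptions.Asynchronous);
        await server.WaitForConnectionAsync();
        using var writer = new StreamWriter(server) { AutoFlush = true };
        foreach (var m in messages)
            await writer.WriteLineAsync(m);   // one string per line; the reader splits on newline
    }

    // Side B: the consumer that used to read raw memory at a fixed address.
    static async Task RunClientAsync()
    {
        using var client = new NamedPipeClientStream(".", PipeName, PipeDirection.In,
            PipeOptions.Asynchronous);
        await client.ConnectAsync(5000);       // wait up to 5 s for the server to appear
        using var reader = new StreamReader(client);
        string line;
        while ((line = await reader.ReadLineAsync()) != null)
            Console.WriteLine($"received: {line}");
    }

    static async Task Main()
    {
        // Both sides live in one process here only so the example runs as-is.
        var server = RunServerAsync(new[] { "hello", "second string" });
        var client = RunClientAsync();
        await Task.WhenAll(server, client);
    }
}
```

The receiving side never depends on an address inside the other program, so a restart of either side cannot break it, and neither program needs PROCESS_VM_WRITE on the other. The one hardening step the sample omits is access control: a named pipe created with the default security can by default be opened for reading by other local users, so on a shared machine the server should be created with an explicit PipeSecurity that limits who may connect.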

Ok, let's add 2 questions,

I'm injecting a library which hooks a function; now for this injection I alloc some memory for the link to the library to be loaded,

So if I use VirtualAllocEx(hprocess, (IntPtr)0x00200000, (uint)dllpath.Length + 1, 0x1000, 4);

It would create space at 00200000 which I can perfectly use and then later read the data out of.

So question one would be: is 00200000 a wise location?

And my second question is without a doubt a noob question:

In my detoured function I want to move a string to 00200000; the pointer to the string is currently in ESI. How would I do it?

I think I gotta loop and write each byte, but I just can't get it in code. An example would be greatly appreciated.

EDIT:

I fixed it like this:

char * sts;
__asm
{
    mov sts, ESI        // take the string pointer the detoured function left in ESI
}
size_t b = strlen(sts);
__asm
{
    push b              // length (pushed right-to-left for a cdecl-style call)
    push ESI            // source string
    push 0x200200       // destination inside the region allocated with VirtualAllocEx
    CALL memccpy
}

The call to memcpy is total bollox, but the dll has its own memcpy so I could manually correct the call,

Yes, I know jack about C++ :P But it works ^^

Edited by Scale

Great to hear it works, but just one little addition. I will quote the MSDN (for the function VirtualAllocEx).

If lpAddress is NULL, the function determines where to allocate the region.

So you will get a good pointer returned in eax and don't have to care about 00200000 being a wise location or not. :)

Edited by metr0