Search Results

Search found 9 results on 1 pages for 'createremotethread'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/1 | 1 

  • Running DllImport commands from CreateRemoteThread

    - by Gbps
    I have a function named Msg that's imported from a dll named tier0.dll. I can DllImport this just fine, but the command only works when the dll is attached to another process which can complete the Msg command. Using CreateRemoteThread, it is possible that I could call Msg using C# while still letting it have access to the variables of the attached process it needs to complete the command? Thanks!

    Read the article

  • internet explorer, google chrome injection

    - by Volim Te
    I wrote code that injects a function in Internet Explorer/Chrome but it doesn't work with these processes. Basically, it fills one big structure with all the APIs my function needs, strings, and other data, then it opens a process to get a handle, virtualallocex to allocate enough memory to store a function and structure there, and it writes the function and the structure in allocated memory. It then runs createremotethread there with the function as a starting address and structure as parameter. It works all great with calc/notepad/winamp processes but I have problems with browser injection. I'm wondering what could it be, I'm using these APIs. x.xCreateFile x.xWriteFile x.xCloseHandle x.xSleep x.xVirtualAlloc x.xVirtualFree x.xMessageBox x.xLoadLibrary x.xShellExecute Is it because browsers are protected now and they're running with lowest privileges?

    Read the article

  • How to share a process?

    - by rudi
    How can I snuggle into another process? Like, share another process's name? So if my application is griddemo.exe, and I want to snug into, let's say, explorer.exe, is that possible? Just read something about CreateRemoteThread() from kernel32. Is that in the right direction? Would there be security/UAC issues?

    Read the article

  • CodePlex Daily Summary for Saturday, April 14, 2012

    CodePlex Daily Summary for Saturday, April 14, 2012Popular ReleasesJson.NET: Json.NET 4.5 Release 3: Change - DefaultContractResolver.IgnoreSerializableAttribute is now true by default Fix - Fixed MaxDepth on JsonReader recursively throwing an error Fix - Fixed SerializationBinder.BindToName not being called with full assembly namesVisual Studio Team Foundation Server Branching and Merging Guide: v2 - For Visual Studio 11: Welcome to the BETA of the Branching and Merging Guide preview As this is a BETA release and the quality bar for the final Release has not been achieved, we value your candid feedback and recommend that you do not use or deploy these BETA artifacts in a production environment. Quality-Bar Details Documentation has been reviewed by Visual Studio ALM Rangers Documentation has not been through an independent technical review Documentation has been reviewed by the quality and recording te...Media Companion: MC 3.435b Release: This release should be the last beta for 3.4xx. A handful of problems have been sorted out since last weeks release. If there are no major problems this time, it will upgraded to 3.500 Stable at the end of the week! General The .NET Framework has been modified to use the Client profile, as provided by normal Windows updates; no longer is there a requirement to download and install the Full profile! mc_com.exe has been worked on to mimic proper Media Companion output (a big thanks to vbat99...THE NVL Maker: The NVL Maker Ver 3.12: SIM??????,TRA??????,ZIP????。 ????????????????,??????~(??????????????????) ??????? simpatch1440x900 trapatch1440x900 ?????1400x900??1440x900,?????????????Data.xp3。 ???? ?????3.12?EXE????????????????, ??????????????,??Tool/krkrconf.exe,??Editor.exe, ???????????????「??????」。 ?????Editor.exe??????。 ???? ???? http://etale.us/gameupload/THE_NVL_Maker_ver3.12_sim.zip ???? http://www.mediafire.com/?je51683g22bz8vo ??Infinite Creation?? http://bbs.etale.us/forum.php ?????? ???? 3.12 ??? ???、????...SnmpMessenger: 0.1.1.1: Project Description SnmpMessenger, a messenger. Using the SNMP protocol to exchange messages. It's developed in C#. SnmpMessenger For .Net 4.0, Mono 2.8. Support SNMP V1, V2, V3. Features Send get, set and other requests and get the response. Send and receive traps. Handle requests and return the response. Note This library is compliant with the Common Language Specification(CLS). The latest version is 0.1.1.1. It is only a messenger, does not involve VACM. Any problems, Please mailto: wa...Python Tools for Visual Studio: 1.1.1: We’re pleased to announce the release of Python Tools for Visual Studio 1.1.1. Python Tools for Visual Studio (PTVS) is an open-source plug-in for Visual Studio which supports programming with the Python language. PTVS supports a broad range of features including: • Supports CPython and IronPython • Python editor with advanced member and signature intellisense • Code navigation: “Find all refs”, goto definition, and object browser • Local and remote debugging • Profiling with multiple view...Supporting Guidance and Whitepapers: v1 - Team Foundation Service Whitepapers: Welcome to the BETA release of the Team Foundation Service Whitepapers preview As this is a BETA release and the quality bar for the final Release has not been achieved, we value your candid feedback and recommend that you do not use or deploy these BETA artifacts in a production environment. Quality-Bar Details Documentation has been reviewed by Visual Studio ALM Rangers Documentation has been through an independent technical review All critical bugs have been resolved Known Issue...Microsoft .NET Gadgeteer: .NET Gadgeteer Core 2.42.550 (BETA): Microsoft .NET Gadgeteer Core RELEASE NOTES Version 2.42.550 11 April 2012 BETA VERSION WARNING: This is a beta version! Please note: - API changes may be made before the next version (2.42.600) - The designer will not show modules/mainboards for NETMF 4.2 until you get upgraded libraries from the module/mainboard vendors - Install NETMF 4.2 (see link below) to use the new features of this release That warning aside, this version should continue to sup...LINQ to Twitter: LINQ to Twitter Beta v2.0.24: Supports .NET 3.5, .NET 4.0, Silverlight 4.0, Windows Phone 7.1, and Client Profile. 100% Twitter API coverage. Also available via NuGet.Kendo UI ASP.NET Sample Applications: Sample Applications (2012-04-11): Sample application(s) demonstrating the use of Kendo UI in ASP.NET applications.SCCM Client Actions Tool: SCCM Client Actions Tool v1.12: SCCM Client Actions Tool v1.12 is the latest version. It comes with following changes since last version: Improved WMI date conversion to be aware of timezone differences and DST. Fixed new version check. The tool is downloadable as a ZIP file that contains four files: ClientActionsTool.hta – The tool itself. Cmdkey.exe – command line tool for managing cached credentials. This is needed for alternate credentials feature when running the HTA on Windows XP. Cmdkey.exe is natively availab...Dual Browsing: Dual Browser: Please note the following: I setup the address bar temporarily to only accepts http:// .com addresses. Just type in the name of the website excluding: http://, www., and .com; (Ex: for www.youtube.com just type: youtube then click OK). The page splitter can be grabbed by holding down your left mouse button and move left or right. By right clicking on the page background, you can choose to refresh, go back a page and so on. Demo video: http://youtu.be/L7NTFVM3JUYCslaGenFork: Rules sample v.1.1.0: On projects for CSLA v.4.2.2, added 5 new Business Rules: - DependencyFrom - RequiredWhenCanWrite - RequiredWhenIsNotNew - RequiredWhenNew - StopIfNotFieldExists Added new projects for CSLA v.4.3.10 with 6 new Business Rules: - DependencyFrom - FieldExists - RequiredWhenCanWrite - RequiredWhenIsNotNew - RequiredWhenNew - StopIfNotFieldExists Following CSLA convention, SL stands for Silverligth 5 and SL4 stands for Silverlight 4. NOTE - Although the projects for CSLA v.4.1.0 still exist, thi...Multiwfn: Multiwfn 2.3.3: Multiwfn 2.3.3Liberty: v3.2.0.1 Release 9th April 2012: Change Log-Fixed -Reach Fixed a bug where the object editor did not work on non-English operating systemsCommonData - Common Functions for ASP.NET projects: CommonData 0.3L: Common Data has been updated to the latest NUnit (2.6.0) The demo project has been updated with an example on how to correctly compare a floating point value.ASP.Net MVC Dynamic JS/CSS Script Compression Framework: Initial Stable: Initial Stable Version Contains Source for Compression Library and example for usage in web application.Path Copy Copy: 10.1: This release addresses the following work items: 11357 11358 11359 This release is a recommended upgrade, especially for users who didn't install the 10.0.1 version.ExtAspNet: ExtAspNet v3.1.3: ExtAspNet - ?? ExtJS ??? ASP.NET 2.0 ???,????? AJAX ?????????? ExtAspNet ????? ExtJS ??? ASP.NET 2.0 ???,????? AJAX ??????????。 ExtAspNet ??????? JavaScript,?? CSS,?? UpdatePanel,?? ViewState,?? WebServices ???????。 ??????: IE 7.0, Firefox 3.6, Chrome 3.0, Opera 10.5, Safari 3.0+ ????:Apache License 2.0 (Apache) ??:http://extasp.net/ ??:http://bbs.extasp.net/ ??:http://extaspnet.codeplex.com/ ??:http://sanshi.cnblogs.com/ ????: +2012-04-08 v3.1.3 -??Language="zh_TW"?JS???BUG(??)。 +?D...Coding4Fun Tools: Coding4Fun.Phone.Toolkit v1.5.5: New Controls ChatBubble ChatBubbleTextBox OpacityToggleButton New Stuff TimeSpan languages added: RU, SK, CS Expose the physics math from TimeSpanPicker Image Stretch now on buttons Bug Fixes Layout fix so RoundToggleButton and RoundButton are exactly the same Fix for ColorPicker when set via code behind ToastPrompt bug fix with OnNavigatedTo Toast now adjusts its layout if the SIP is up Fixed some issues with Expression Blend supportNew ProjectsArkadia Operating System: This operating system is based on Cosmos Project and C# Programming Langage.Copy Microsoft Online User Attributes from one domain user to another: CopyMSOLAttributes copies MSOL-specific user attributes from source user to target user (legacyExchangeDN, mail, msExchMailboxGuid, proxyAddresses, targetAddress). This assists in migrating to Office 365 in a multi-domain, multi-forest environment.DevChat: DevChat is a small secure chat for dev groups or teams inside of an organisation that wish to control their information.Dynamic UI Framework: Dynamic UI FrameworkEjemploAndroid: Prueba Trabajar con eclipse y codeplexElfos vs Orcos: videojuego xna elfos vs orcosFacebook Suite Rules Orchard module: Part of the Facebook Suite Orchard module that provides various rules for the Rules engine to interact with Facebook.FakeMail: FakeMail makes testing of email enabled applications easier for DEVs and QAs. You no longer need to have multiple "real" email addresses to test and validate registration and notification features. Written in C# this ASP.Net MVC application uses RavenDB Embedded as a document store and hosts a custom SMTP server. Configure FakeMail and update your existing email-enabled application's SMTP server settings are you are ready to go. FakeMail mail server will accept email sent to ANY addre...FIM Object Visualizer: The FIM Object Visualizer is a tool to display and document configurable FIM objects such as Synchronization Rules, Workflows and Management Policy Rules. FXIB: ThisGoogle Places Autocomplete API for WP7: The Google Places Autocomplete API for WP7 is a project for WP7 developers to use when implementing an autocomplete box in their application. This project provides an easy non-blocking way to get fast results from the Google Places Autocomplete API. hook send/recv function with CreateRemoteThread: this sample is hooking send/recv function with CreateRemoteThread api.Infinity Music: Entertainment center, music player, youtube player, Internet radio, Facebook, Twitter ... All in one application ...! Centro de entretenimiento, reproductor de música, reproductor videos you tube, radio por internet, Facebook, Twitter... Todo en una misma aplicación...! Centre de divertissement, lecteur de musique, lecteur YouTube, la radio sur Internet, Facebook, Twitter ... Tout dans une seule application ...!Library Guard: Library Guard helps you maintain your media library(primarily audio) by correcting tags, maintaining location of your files, etc.MVVM Source Control Monitor: An exercise in MVVM with Wpf to create a useful and unobtrusive source control notification tool that lives in the system tray, and can also be viewed in a window. This is meant to provide a 'real world' application to provide examples of MVVM implementation without understanding any other frameworks that can blur the lines about what MVVM really is (it's a pattern, folks). The application will use as little 3rd party code as possible (Wpf Toolkit, some other goodies) that are all unrel...Orchard Calendar: Module provides calendar capabilities in Orchard. This is accomplished by a new calendar content part and content type along with new calendar layout for Projector module. PaidRanks: PaidRanks makes it easier for minecraft admins to mangae user rights and rewards donators. You'll no longer have to manually change nick names again. It's developed in Java 7.Perritos Project: Practice of the subject projectPython Pygame Sprites Example: This project example uses Python and Pygame to create a game environment. This code requires major refactoring and there is no warranty. Reversi.NET: Reversi is a board game involving abstract strategy and played by two players on a board with 8 rows and 8 columns and a set of distinct pieces for each side.SharePoint Social Tag Counters: The SharePoint Social Tag Counter project takes the social features from SharePoint 2010 to another level. It allows you to immediately show your SharePoint visitors how popular the content is with the help of Social "I like it" and "Tag" counters.Shop systems1: dddddddddddSource Block - Data Access Components: Source Block - Data Access Components Contains two components. 1. DBHandler 2. DBSchemaHandler DBHandler : Pure ADO.Net based Data access layer DBSchemaHandler : Pure ADO.Net based Database schema handlerSource Block - Domain Driven Development Framework: A framework which promotes domain pattern based development. This promotes patterns such as : Repository, Unit of work, Dependency injection and Inversion of control. Built on MS E.F 4.2 using code first approach. Includes features such as code generationSuperSocket Proxy Server: A .NET proxy server based on SuperSocketTestC-Q: This project is on working with KDB database and fetching data from open market data providers. This will do rigorous analysis. Don't try to find any code till Oct 2012.tofinish: tofinishUse National Geographic Photo of the Day as Wallpaper: I used to watch National Geographic Photo of the day everyday. http://photography.nationalgeographic.com/photography/photo-of-the-day So I thought it might be helpful for people like me if a software synchronise the wallpaper with national geographic photo of the day. It also archives photo of the day along with publication date and photo title.VAMP: Projet industriel MBDS 2012?????: ???????Model???????: ????:??Model??????? ???:??? ??:?????????python?SDK: ??python??????SDK。????

    Read the article

  • Catch unhandled exception of invisible thread

    - by user346804
    In my C++ application i use an activeX component that runs its own thread (or several I don't know). Sometimes this components throws exceptions. I would like to catch these exceptions and do recovery instead of my entire application crashing. But since I don't have access to its source code or thread I am unsure how it would be done. The only solution I can think of is to run it in its own process. Using something like CreateProcess and then CreateRemoteThread, unsure how it could be implemented. Any suggestion on how to go about solving this?

    Read the article

  • dll injection using C

    - by AJINKYA
    hey i m trying to inject a dll into a process i.e lsass.exe to get hashes.Its a bit hacky but cant help its my project. I have a code of dll injection but in visual C++ it gives errors such as.. at TEXT("LoadLibraryA"))))----argument const wchar incompatible with LPCSTR at lpFuncAddr-----------argument type "LPVOID" incompatible with parameter type "LPTHREAD_START ROUTINE" CODE: BOOL InjectDLL(DWORD dwProcessId, LPCSTR lpszDLLPath) { HANDLE hProcess, hThread; LPVOID lpBaseAddr, lpFuncAddr; DWORD dwMemSize, dwExitCode; BOOL bSuccess = FALSE; HMODULE hUserDLL; //convert char to wchar char *lpszDLLPath = "hash.dll"; size_t origsize = strlen(orig) + 1; const size_t newsize = 100; size_t convertedChars = 0; wchar_t dllpath[newsize]; mbstowcs_s(&convertedChars, dllpath, origsize, orig, _TRUNCATE); if((hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION |PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, dwProcessId))) { dwMemSize = wcslen(dllpath) + 1; if((lpBaseAddr = VirtualAllocEx(hProcess, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE))) { if(WriteProcessMemory(hProcess, lpBaseAddr, lpszDLLPath, dwMemSize, NULL)) { if((hUserDLL = LoadLibrary(TEXT("kernel32.dll")))) { if((lpFuncAddr = GetProcAddress(hUserDLL, TEXT("LoadLibraryA")))) { if((hThread = CreateRemoteThread(hProcess, NULL, 0, lpFuncAddr, lpBaseAddr, 0, NULL))) { WaitForSingleObject(hThread, INFINITE); if(GetExitCodeThread(hThread, &dwExitCode)) { bSuccess = (dwExitCode != 0) ? TRUE : FALSE; } CloseHandle(hThread); } } FreeLibrary(hUserDLL); } } VirtualFreeEx(hProcess, lpBaseAddr, 0, MEM_RELEASE); } CloseHandle(hProcess); } return bSuccess; } int WINAPI WinMain(HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCmdShow) { if(InjectDLL(PROCESSID, "hash.dll")) { MessageBox(NULL, TEXT("DLL Injected!"), TEXT("DLL Injector"), MB_OK); }else { MessageBox(NULL, TEXT("Couldn't inject DLL"), TEXT("DLL Injector"), MB_OK | MB_ICONERROR); } return 0; } i m a beginner to dll and windows programming so will appreciate your help.

    Read the article

  • Microsoft Detours - DetourUpdateThread?

    - by pault543
    Hi, I have a few quick questions about the Microsoft Detours Library. I have used it before (successfully), but I just had a thought about this function: LONG DetourUpdateThread(HANDLE hThread); I read elsewhere that this function will actually suspend the thread until the transaction completes. This seems odd since most sample code calls: DetourUpdateThread(GetCurrentThread()); Anyway, apparently this function "enlists" threads so that, when the transaction commits (and the detours are made), their instruction pointers are modified if they lie "within the rewritten code in either the target function or the trampoline function." My questions are: When the transaction commits, is the current thread's instruction pointer going to be within the DetourTransactionCommit function? If so, why should we bother enlisting it to be updated? Also, if the enlisted threads are suspended, how can the current thread continue executing (given that most sample code calls DetourUpdateThread(GetCurrentThread());)? Finally, could you suspend all threads for the current process, avoiding race conditions (considering that threads could be getting created and destroyed at any time)? Perhaps this is done when the transaction begins? This would allow us to enumerate threads more safely (as it seems less likely that new threads could be created), although what about CreateRemoteThread()? Thanks, Paul For reference, here is an extract from the simple sample: // DllMain function attaches and detaches the TimedSleep detour to the // Sleep target function. The Sleep target function is referred to // through the TrueSleep target pointer. BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) { if (dwReason == DLL_PROCESS_ATTACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourAttach(&(PVOID&)TrueSleep, TimedSleep); DetourTransactionCommit(); } else if (dwReason == DLL_PROCESS_DETACH) { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)TrueSleep, TimedSleep); DetourTransactionCommit(); } return TRUE; }

    Read the article

  • Hooking DirectX EndScene from an injected DLL

    - by Etan
    I want to detour EndScene from an arbitrary DirectX 9 application to create a small overlay. As an example, you could take the frame counter overlay of FRAPS, which is shown in games when activated. I know the following methods to do this: Creating a new d3d9.dll, which is then copied to the games path. Since the current folder is searched first, before going to system32 etc., my modified DLL gets loaded, executing my additional code. Downside: You have to put it there before you start the game. Same as the first method, but replacing the DLL in system32 directly. Downside: You cannot add game specific code. You cannot exclude applications where you don't want your DLL to be loaded. Getting the EndScene offset directly from the DLL using tools like IDA Pro 4.9 Free. Since the DLL gets loaded as is, you can just add this offset to the DLL starting address, when it is mapped to the game, to get the actual offset, and then hook it. Downside: The offset is not the same on every system. Hooking Direct3DCreate9 to get the D3D9, then hooking D3D9-CreateDevice to get the device pointer, and then hooking Device-EndScene through the virtual table. Downside: The DLL cannot be injected, when the process is already running. You have to start the process with the CREATE_SUSPENDED flag to hook the initial Direct3DCreate9. Creating a new Device in a new window, as soon as the DLL gets injected. Then, getting the EndScene offset from this device and hooking it, resulting in a hook for the device which is used by the game. Downside: as of some information I have read, creating a second device may interfere with the existing device, and it may bug with windowed vs. fullscreen mode etc. Same as the third method. However, you'll do a pattern scan to get EndScene. Downside: doesn't look that reliable. How can I hook EndScene from an injected DLL, which may be loaded when the game is already running, without having to deal with different d3d9.dll's on other systems, and with a method which is reliable? How does FRAPS for example perform it's DirectX hooks? The DLL should not apply to all games, just to specific processes where I inject it via CreateRemoteThread.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1