Can I use this function to block WINDOWS API's?

Still no useful reply after 1 day!
closed account (13bSLyTq)
Hi,

Because using sizeof() gives us a few instructions which are not needed, such as

mov edx, esp

and a few other instructions, this is basically better to reduce the allocation size, thus reducing the memory footprint on all processes.
So look at this code:
https://rstforums.com/forum/43070-c-direct-code-injection-examples-no-dll-injection.rst
Here they are not giving the size of the thread func as a parameter but sizeof(RemoteData); will it work?
And my computer is broken, can you please check and find out if it works...:), please?
EDIT: How can this code work with dev c++???
Can you download it and test it?
Help...
closed account (13bSLyTq)
Hi,

I am sorry, but test it when your computer gets fixed, as I am not going to download additional software for a single thread with Araavind (I know it's you).
Okay anyway is sizeof(RemoteData) good enough, rather than stub-function?
or can I give a guess value for size such as 10 or 200 or 5000 something...?
closed account (13bSLyTq)
I would say stub-function is better, as we are allocating minimum bytes. Next question.

No, keep in mind VS optimizes code; therefore a single guess can be smaller than the actual thread, thus the buffer overflows the process and crashes it.
Thank you, now for my next topic:
How can you kill a process using dll injection?
I made a good DLL Injector,
now how to make my dll kill the injected process?
closed account (13bSLyTq)
First, it is not that you made it, it is that you copy-pasted it. Anyway, call NtTerminateProcess or TerminateProcess to terminate the process. Just do it exactly like how you terminate your process.

It would work because, as the DLL is running under the injected process's memory space, any action performed by the DLL will be equivalent to the injected process doing it.
So, the code should be like:
#include <windows.h>

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved )
{
    // TerminateProcess takes a process handle and an exit code
    TerminateProcess(GetCurrentProcess(), 0);
    return TRUE; // DllMain must return a BOOL
}
I am wondering if that kills the injector process first as LoadLibrary calls DllMain if I remember correctly.
@modoran: Can you try and see?
@OrionMaster: Help...
Can I use ExitProcess() in the dll rather than TerminateProcess(GetCurrentProcess())?
In the old code cave method, which is the order in declaring the functions?
static DWORD aInject(PARAM *p);
static void zStub();

// OR REVERSE? 

HELP?
ExitProcess() and TerminateProcess(GetCurrentProcess()) are the same thing ...

However, calling them from DllMain kills the injector process.
MSDN wrote:
If the specified module is a DLL that is not already loaded for the calling process, the system calls the DLL's DllMain function with the DLL_PROCESS_ATTACH value. If DllMain returns TRUE, LoadLibrary returns a handle to the module.

http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx
closed account (13bSLyTq)
Yeah, modoran, I think that's what he wants.

The strange thing is we can do this in 2\ 4 lines of code that too without injection.

Get handle to the process and call TerminateProcess. Bamn we done it.
I tried to kill with injection because to kill protected processes?
But anyways :
In the old code cave method, which is the order in declaring the functions?
static DWORD aInject(PARAM *p);
static void zStub();
// OR REVERSE? 

HELP?
Still no reply?
BTW, how to prevent injector from terminating in dll injection?
Before that, read above post!
Help...
Help,
BTW, in release mode in VC++ 2010 do you need to rename and relocate the functions?
Please read above post and help!
Help:)
<->
Please read above posts and help!
I think the reason no one is answering you is that what you are trying to do is stupid. Killing a critical system process causes a system failure and forces Windows to reboot; CSRSS.exe is a critical system process. You need to do A LOT more homework before you're ready to do whatever it is that you are doing. http://en.wikipedia.org/wiki/Client/Server_Runtime_Subsystem