I don't have an example at hand, but this is how I would attempt it:
1. DLL is loaded in MP. I guess the DLL knows how to distinguish it from other processes. DLL can make an object available to this thread to control the thread in the external process.
3. DLL is loaded in EP. The DLL detects it is in the EP and starts a worker thread that waits on a named autoreset event.
3. MP obtains a reference to the controller object (may be a singleton) and calls one of its methods to instruct the (currently-sleeping) worker thread in EP to do a read or write. This method accepts all needed data.
4. Method of controller object acquires a synchronization object before setting data in a shared data segment and proceeds to write the specifics of the method to perform, then releases this sync object and signals the named event mentioned in #2.
5. Method of controller object waits for the worker thread to signal it has finished by means of another named autoreset event.
6. Method of controller object returns the result of the operation, if any, to the caller.
Thanks, that however explains only the communication side of things; unfortunately it does not explain how to read / write to a specific address of the EP. I suppose I could use an unsigned char pointer with reinterpret_cast to read/write to variable addresses, but as far as I'm aware that would only affect the DLL's memory. If I were to use Read/WriteProcessMemory() then there would be no point in the DLL. But the reason I need the DLL is to deal with circumstances where access to the EP is not allowed for those functions. This is a general purpose hacking tool, so the EP is known only to the user and must be dealt with in whatever way is available and selected by the user.
If I were to use Read/WriteProcessMemory() then there would be no point in the DLL. But the reason I need the DLL is to deal with circumstances where access to the EP is not allowed for those functions
There is no way that you can successfully inject a DLL in an elevated process if your process is not elevated.
Thanks, I planned for such a scenario too, but that wasn't 100% what I meant, e.g. the EP somehow detects the MP attaching itself and removes it immediately, or manages to redirect the read/write actions.
Aside from that, the MP will use imported functions to communicate with the DLL, so will the pointer/cast stuff still work? I need to provide this functionality before I start on the rest of HackerEX 2. I've already decided on an upgraded codelist format that has no need of manual upgrade from the old format.