I am looking for a way to inject code into an already running process and have it run (it would read memory space of the process, call code of the process etc)
Or if that cant be done, is theree a way to get the process to load my DLL instead of some system dll so that my DLL can sit there and wait for a signal (e.g. external signal sent to say that it can
Note that changing the on-disk representation of the process is not an option (i.e. I cant modify the process exe file on disk).
This is for a program that would load into the memory space of a running Trymedia app and (by calling the trymedia functions in the exe file) decrypt protected resource files. You would change parameters in the code or in a config file (e.g. filename of protected resource file, output filename, size, location within the memory space of the protected exe file for redirected CreateFileA/ReadFile and so on) and then build the dumper.
Then you load the target and wait untill you get to a point where it has to have read the desired data file (i.e. let it get into the game)
Then you would run or trigger the code that was loaded into the process memory space which would read in the protected resource file via the trymedia hooks and write it out to disk in unencrypted form.
With this, you wouldnt need a debugger or debugger-hider. Or any messing about with breakpoints or runtime patching. All you would need to do is to find the location within the .bss segment of the needed AM functions for the AM version you are cracking, it would really only need CreateFileA and ReadFile redirects I think. It could even be run by someone who has an unlocked copy of the program in question (someone who doesnt have any reverse engineering skills)
In fact, if one was to build up a database linking AM version to location of needed hooks, one could make it even easier to use
