#3
FEARHQ
05-28-2005, 02:14
Well, there are a couple of ways you can inject code into a foreign process.

One of them is to get the process ID of the target (however you may wish to do that), OpenProcess, find a 'cave' where you can write a bit of code to, GetClassLong to get WinProc's address, WriteProcessMemory some code into the cave that will load your DLL into the process address space, save the bytes at the beginning of WinProc and replace them with a jump to your cave, then restore them after you're done loading the DLL.

Mind you, instead of stealing WinProc for a second, you can also just write the cave and use CreateRemoteThread (not sure of exact name) to start a remote thread you have written into a cave, or you can emulate one of the DLLs the process uses, making sure to provide ALL the imports the process needs with the proper ordinals, and simply jam it into the executable's root directory.

The first method described was used by D2hackit, whose source is freely available. You might also want to check out code injection at the old fravia mirror at woodmann's site and of course Microsoft Detours.