Thread: createremotethread and writeprocessmemory problems

  1. #1
    Registered User
    Join Date
    Oct 2004

    createremotethread and writeprocessmemory problems

    Hi all.

    I've been looking into injection with c++ as im finding it interesting. However im running into difficulties. Im trying to inject internet explorer with the following line of code


    so notepad is launched from internet explorer. I know it seems like a useless idea but it still teaches me the basics. Anyway i manage to allocate room in internet explorer and write the function with the above line of code in. All that seems to work fine, but its when i call createremotethread to execute the function where it crashes. My code is below

    #include "stdafx.h"
    #include <windows.h>
    #include <string>
    using namespace std;
    #define cbInjectFunc	192
    static DWORD WINAPI InjectFunc (void) 
    	return 1;
    int APIENTRY WinMain(HINSTANCE hInstance,
                         HINSTANCE hPrevInstance,
                         LPSTR     lpCmdLine,
                         int       nCmdShow)
            MSG Msg;
    	HANDLE hProcess;
    	HWND iexplorer;
    	int PID;
           //this works fine
    	iexplorer = FindWindow("IEFrame", NULL);
    	::GetWindowThreadProcessId( iexplorer, (DWORD*)&PID );    
    	hProcess = ::OpenProcess(PROCESS_ALL_ACCESS, false, PID);
    	int	nSuccess	= 0; 
    	DWORD dwNumBytesXferred = 0; // Number of bytes written to the remote process.
    	DWORD		*pCodeRemote;	// The address of InjectFunc in the remote process.
    	pCodeRemote = (PDWORD) VirtualAllocEx( hProcess, 0, cbInjectFunc, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    	WriteProcessMemory( hProcess, pCodeRemote, &InjectFunc, cbInjectFunc, &dwNumBytesXferred );
    	HANDLE		hThread	   = 0;	// The handle and ID of the thread executing
    	DWORD		dwThreadId = 0;	// the remote InjectFunc.
                    //THIS IS WHERE IT CRASHES
    		// Start execution of remote InjectFunc
    		hThread = CreateRemoteThread(hProcess, NULL, 0, 
    				(LPTHREAD_START_ROUTINE) pCodeRemote,
    				NULL, 0 , &dwThreadId);
    		WaitForSingleObject(hThread, INFINITE);
    		GetExitCodeThread(hThread, (PDWORD) &nSuccess);
    	return 0;
    Any ideas?

  2. #2
    Registered User
    Join Date
    Jun 2004
    this should be in the windows programming board.
    check return values for all functions. and since you're writing in a another process' memory, I think you're injecting the code somewhere where you shouldn't.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. createremotethread and writeprocessmemory problems
    By Hawkin in forum Windows Programming
    Replies: 3
    Last Post: 01-19-2008, 09:33 AM
  2. CreateRemoteThread() for subclassing
    By bennyandthejets in forum Windows Programming
    Replies: 24
    Last Post: 07-26-2003, 09:23 AM