Thread: CreateRemoteThread in a child process

hi,
i am trying to create a new thread in a child process:

Code:

long WINAPI eThread(){
    AllocConsole();
    freopen("CONOUT$", "wb", stdout);
    printf("ok\n");                                               
}

Code:

if( !CreateProcess(
    "C:\\WINDOWS\\System32\\calc.exe",
    NULL,
    NULL,                   // Process handle not inheritable. 
    NULL,                   // Thread handle not inheritable. 
    FALSE,                  // Set handle inheritance to FALSE. 
    0,                      // No creation flags. 
    NULL,                   // Use parent's environment block. 
    NULL,                   // Use parent's starting directory. 
    &si,                    // Pointer to STARTUPINFO structure.
    &pi )                   // Pointer to PROCESS_INFORMATION structure.
){
	printf( "CreateProcess failed (%d).\n", GetLastError() );
}
else if(!CreateRemoteThread(pi.hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)eThread, 0, 0, 0)){
	printf( "CreateRemoteThread failed (%d).\n", GetLastError() );
}

the calc.exe starts, but exit immediately with a fatal error. do i need other flags?
the error comes not from the AllocConsole etc - it doesn't matter what eThread executes, it exits all the time.

thx for help, stev

http://msdn.microsoft.com/en-us/libr...37(VS.85).aspx
Read lpStartAddress parameter description carefully.

"The function must exist in the remote process."

gg

You can receive the message through a windows hook.

what hook do i have to use ? i just found that:

WH_CBT

To write a CBT application, the developer must coordinate the CBT application with the application for which it is written. Windows supplies the WH_CBT hook to make this possible. Windows passes a hook code to the filter function, indicating which event has occurred and the appropriate data for the event.

HCBT_MOVESIZE

Windows calls the WH_CBT hook with this hook code when Windows is about to move or size a window, and the user has just finished selecting the new window position or size. In the case of thread-specific hooks, the thread must own the window. If the filter function returns TRUE, the action does not occur.

the problem is, that the HCBT_MOVESIZE hook will be called if the user has just finished selecting the new window position or size. but that dosent work because there is this damn minimum size. anymore ideas?

hi and thx. the subclassing works now with a WH_CBT hook, but now i have problems to catch the WM_GETMINMAXINFO event (i get no output 'in').
maybe searching for the topwindow by the classname "CicMarshalWndClass" doesn't work. i tried it with GetParent() and GetAncestor(), but that dosent work too.

Code:

long oldwinproc;
LRESULT CALLBACK WndProcOverwrite(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam){ // the new window procedure
	
    HANDLE hPipe = connectToPipe();	
    WritePipe(hPipe, "*"); /// subclassing works
    
    if(msg == WM_GETMINMAXINFO){			
        WritePipe(hPipe, "in"); // !!!
        ((MINMAXINFO*)lParam)->ptMinTrackSize.x = 300;
        ((MINMAXINFO*)lParam)->ptMinTrackSize.y = 300;
        
        CloseHandle(hPipe);
        return DefWindowProc(hwnd, msg, wParam, lParam);
    }
    CloseHandle(hPipe);
    return CallWindowProc((WNDPROC)oldwinproc, hwnd, msg, wParam, lParam );
}

LRESULT CALLBACK filterFunc(int nCode, WPARAM wParam, LPARAM lParam){ // WH_CBT hook
    if (nCode == HCBT_CREATEWND){
    	HWND hwnd = (HWND)wParam;
       	
       	if(getModule(hwnd, "notepad.exe")){
            char wndClassname[STRLEN]; RealGetWindowClass(hwnd, wndClassname, STRLEN);
            if(strstr(wndClassname, "CicMarshalWndClass")){                            	 
                oldwinproc = SetWindowLongPtr(hwnd, GWLP_WNDPROC, (long)WndProcOverwrite);                
            }
      	}
    }
    return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}