Three Ways to Inject Your Code into Another Process
2008-11-08 10:08
525 查看
Download entire package - 180 Kb
Download WinSpy - 20 Kb (demo application)
Windows Hooks
The CreateRemoteThread & LoadLibrary TechniqueInterprocess Communications
The CreateRemoteThread & WriteProcessMemory TechniqueHow to Subclass a Remote Control With this Technique
When to Use this Technique
Some Final Words
Appendixes
References
Article History
![](http://www.codeproject.com/KB/threads/winspy/winspy1.gif)
Several password spy tutorials have been posted to The Code Project, but all of them rely on Windows hooks. Is there any other way to make such a utility? Yes, there is. But first, let me review the problem briefly, just to make sure we're all on the same page.To "read" the contents of any control - either belonging to your application or not - you generally send the
![](http://www.codeproject.com/images/minus.gif)
Collapse
Put your code into a DLL and map the DLL to the remote process using the CreateRemoteThread & LoadLibrary technique.
Instead of writing a separate DLL, copy your code to the remote process directly - via
for more information: http://www.codeproject.com/KB/threads/winspy.aspx?df=100&forumid=16291&select=1025152&msg=1025152
Download WinSpy - 20 Kb (demo application)
Contents
IntroductionWindows Hooks
The CreateRemoteThread & LoadLibrary TechniqueInterprocess Communications
The CreateRemoteThread & WriteProcessMemory TechniqueHow to Subclass a Remote Control With this Technique
When to Use this Technique
Some Final Words
Appendixes
References
Article History
Introduction
![](http://www.codeproject.com/KB/threads/winspy/winspy1.gif)
Several password spy tutorials have been posted to The Code Project, but all of them rely on Windows hooks. Is there any other way to make such a utility? Yes, there is. But first, let me review the problem briefly, just to make sure we're all on the same page.To "read" the contents of any control - either belonging to your application or not - you generally send the
WM_GETTEXTmessage to it. This also applies to edit controls, except in one special case. If the edit control belongs to another process and the
ES_PASSWORDstyle is set, this approach fails. Only the process that "owns" the password control can get its contents via
WM_GETTEXT. So, our problem reduces to the following: How to get
![](http://www.codeproject.com/images/minus.gif)
Collapse
::SendMessage( hPwdEdit, WM_GETTEXT, nMaxChars, psBuffer );executed in the address space of another process.In general, there are three possibilities to solve this problem:Put your code into a DLL; then, map the DLL to the remote process via windows hooks.
Put your code into a DLL and map the DLL to the remote process using the CreateRemoteThread & LoadLibrary technique.
Instead of writing a separate DLL, copy your code to the remote process directly - via
WriteProcessMemory- and start its execution with
CreateRemoteThread. A detailed description of this technique can be found here.
for more information: http://www.codeproject.com/KB/threads/winspy.aspx?df=100&forumid=16291&select=1025152&msg=1025152
相关文章推荐
- Three Ways To Inject Your Code Into Another Process
- Three Ways to Inject Your Code into Another Process
- 转帖:Three Ways to Inject Your Code into Another Process
- Three Ways to Inject Your Code into Another Process
- Three Ways to Inject Your Code into Another Process
- Three Ways to Inject Your Code into Another Process
- Three Ways to Inject Your Code into Another Process
- Three Ways to Inject Your Code into Another Process
- Three ways to get your MAC address
- Inject your code to a Portable Executable file
- Inject your code to a Portable Executable file by ashkbiz
- 10 ways to make your code more testable
- Your task is to find for a given phone number any of its divisions into groups of two or three digit
- Inject your code to a Portable Executable file
- jQuery Lint: enables you to automatically inject jQuery Lint into the page as it is loaded (great for ad-hoc code validation)
- Three ways to get your MAC address
- Inject Your Code to a Portable Executable File[www.codeguru.com]
- Inject your code to a Portable Executable file
- Three ways to throw exception in C#. Which is your preference?
- 代码注入(Inject your code to a Portable Executable file)