How to change the base address of the DLL using

  • Thread starter Thread starter Raghu P S
  • Start date Start date
R

Raghu P S

Guest
How to change the base address of the DLL using windows API.

I have tried using VirtualAllocEx() function to allocate the memory in the remote process and loaded the DLL into the remote process using CreateRemoteThread(). DLL writing into the remote process successfully but base address is different from the VirtualAllocEx() function allocated address.

// 1. Allocate memory in the remote process for szLibPath
// 2. Write szLibPath to the allocated memory
pLibRemote = ::VirtualAllocEx( hProcess, /*(LPVOID)0x10000000*/NULL, sizeof(szLibPath), MEM_COMMIT, PAGE_READWRITE );
if( pLibRemote == NULL )
return false;
::WriteProcessMemory(hProcess, pLibRemote, (void*)szLibPath,sizeof(szLibPath),NULL);

// Load ".dll" into the remote process
// (via CreateRemoteThread & LoadLibrary)
hThread = ::CreateRemoteThread( hProcess, NULL, 0,
(LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32,"LoadLibraryA"),
pLibRemote, 0, NULL );
if( hThread == NULL )
goto JUMP;

::WaitForSingleObject( hThread, INFINITE );
// Get handle of loaded module
::GetExitCodeThread( hThread, &hLibModule );
::CloseHandle( hThread );

I have also tried using ReBaseImage() function. It changes only the image base, base address is not changing.

Please suggest me is there any API to change the base address of the DLL.


Thanks

Raghu

Continue reading...
 

Similar threads

D
Calling function in injected process dll
Replies
0
Views
144
doliolarzz
D
R
VirtualAllocEx address issue
Replies
0
Views
79
Raghu P S
R
Y
Dll Eject Help
Replies
0
Views
132
Yordy Corrales
Y
J
How to handle the situation where shared data (shared memory) using raw pointers being used in two separate threads in C++?
Replies
0
Views
823
John paul coder
J
J
How to handle the situation where shared data (shared memory) using raw pointers being used in two separate threads in C++?
Replies
0
Views
370
John paul coder
J
Back
Top