
SamplePayload

Brian Gianforcaro edited this page Mar 6, 2021 · 2 revisions

Payload

Demonstrates various ways to use payloads to communicate information at runtime.

This sample creates two files, payload.exe and payloadtarget.exe.

payload.exe launches payloadtarget.exe in a suspended state, then uses DuplicateHandle followed by DetourCopyPayloadToProcessEx to inject into payloadtarget.exe a payload containing a handle to the running payload.exe.

payload.exe also injects a payload into itself (since this payload lives in the current process, the pointer returned by DetourCopyPayloadToProcessEx can be read like a normal pointer), and then resumes the target process.

payloadtarget.exe finds the handle to its parent using DetourFindPayloadEx.

With this handle, it locates the payload that payload.exe injected into itself using DetourFindRemotePayload. It then fills that payload with random data (using WriteProcessMemory) and exits with the same random data as its exit code.

If everything goes well, payload.exe then observes that the exit code and the random data in its own payload are identical and exits with code 0 (code 1 otherwise).

While this example is a bit contrived and not representative of real-world use, it demonstrates usage of these APIs and verifies that they are working as intended.

Source is located in the /samples/payload directory.

Uses

DetourFindPayloadEx, DetourFindRemotePayload, DetourCopyPayloadToProcessEx.
