CreateRemoteThread make target crash

NewGuy 11 Reputation points
2021-07-20T10:19:16.85+00:00

I want to call my function from another process. It works with LoadLibrary and my DLL, but when I use an application-defined function, the target
application crashes.
The error is: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 064F...
Building as Release is still the same. The remote thread doesn't return and is still alive.
Has anyone encountered this issue before and/or know a solution?

#include <windows.h>
#include <iostream>
#include <cstdlib>
using namespace std;

// Poster's own helper (not shown in the question): opens the target process
// and returns its handle, or NULL on failure.
HANDLE GetProcess();

// The routine the poster tries to copy into the target. Note that it returns
// the address of its own parameter slot, not the value the parameter points to.
DWORD WINAPI ThreadProc(_In_ LPVOID lpParameter) {
    return (DWORD)&lpParameter;
}

int main()
{
    //process
    HANDLE hProcess = GetProcess();
    if (!hProcess) {
        cout << "!hProcess\n";
        system("pause");
        exit(0);
    }

    //function: reserve a buffer in the target and copy raw bytes starting at
    //ThreadProc's address into it. nFSize is far larger than the function itself,
    //so the copy spans whatever follows it in this image, and the result of
    //WriteProcessMemory is not checked.
    SIZE_T nFSize = 200000;
    LPVOID lpFunctionAddress = VirtualAllocEx(hProcess, NULL, nFSize, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!lpFunctionAddress) {
        cout << "!lpFunctionAddress\n";
        system("pause");
        exit(0);
    }
    WriteProcessMemory(hProcess, lpFunctionAddress, &ThreadProc, nFSize, NULL);

    //param: copy a single DWORD into the target for the thread argument
    DWORD param = 222;
    SIZE_T nPSize = sizeof(param);
    LPVOID lpParamAddress = VirtualAllocEx(hProcess, NULL, nPSize, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!lpParamAddress) {
        cout << "!lpParamAddress\n";
        system("pause");
        exit(0);
    }
    WriteProcessMemory(hProcess, lpParamAddress, &param, nPSize, NULL);

    //run thread (the third argument is the stack size; passing nFSize here is
    //harmless but unrelated to the size of the copied code)
    HANDLE pRemoteThread = CreateRemoteThread(hProcess, NULL, nFSize, (LPTHREAD_START_ROUTINE)lpFunctionAddress, lpParamAddress, 0, NULL);
    DWORD code;
    if (!pRemoteThread) {
        cout << "!pRemoteThread\n";
        system("pause");
        exit(0);
    }
    WaitForSingleObject(pRemoteThread, INFINITE);
    //
    GetExitCodeThread(pRemoteThread, &code);
    cout << code << endl;// code = 3221225477 (0xC0000005) and target crash
    system("pause");
    return 0;
}

2 answers

  1. RLWA32 45,571 Reputation points
    2021-07-20T13:18:58.373+00:00

    Several points for you to address -

    1. Build the application that does the code injection as a Release Build.
    2. The func() function does not conform to the prototype required of a ThreadProc (ms686736(v=vs.85)).
    3. Do some error checking in your code. Right now there is none.
    4. Return a recognizable value other than 0 from the remote thread and use GetExitCodeThread to ensure that the remote thread executed as expected.
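    An added example, written for this thread and not taken from the question or from either answer, that shows what the reported exit code means and what a ThreadProc with the documented prototype plus the error checking from points 2 to 4 looks like. The NTSTATUS field decoder is portable C++; the thread part is guarded by _WIN32 and runs the routine in the calling process only, where the same GetExitCodeThread check applies. All function and type names here (decodeNtStatus, describeThreadExitCode, isCrashExitCode, EchoParamThreadProc, runAndCheckThread, NtStatusFields) are chosen for this example and are not Win32 APIs.

```cpp
// Added example, not from the original question or answers.
#include <cstdint>
#include <cstdio>
#include <string>

// NTSTATUS layout (ntdef.h): bits 31-30 severity, bit 29 customer,
// bit 28 reserved, bits 27-16 facility, bits 15-0 code.
struct NtStatusFields {
    unsigned severity;   // 0 success, 1 informational, 2 warning, 3 error
    bool     customer;   // set for vendor-defined status values
    unsigned facility;
    unsigned code;
};

NtStatusFields decodeNtStatus(uint32_t status) {
    NtStatusFields f;
    f.severity = (status >> 30) & 0x3;
    f.customer = ((status >> 29) & 0x1) != 0;
    f.facility = (status >> 16) & 0xFFF;
    f.code     = status & 0xFFFF;
    return f;
}

// A thread that is torn down by an unhandled exception reports the exception
// code as its exit code, so an error-severity NTSTATUS here means "crashed",
// not "ThreadProc returned this value".
bool isCrashExitCode(uint32_t status) {
    return decodeNtStatus(status).severity == 3;
}

std::string describeThreadExitCode(uint32_t status) {
    switch (status) {
        case 0xC0000005u: return "STATUS_ACCESS_VIOLATION";
        case 0xC000001Du: return "STATUS_ILLEGAL_INSTRUCTION";
        case 0xC00000FDu: return "STATUS_STACK_OVERFLOW";
        case 0xC0000409u: return "STATUS_STACK_BUFFER_OVERRUN";
        case 0x80000003u: return "STATUS_BREAKPOINT";
        case 0x80000004u: return "STATUS_SINGLE_STEP";
        default: break;
    }
    if (isCrashExitCode(status)) return "unknown error-severity NTSTATUS";
    return "ordinary exit code";
}

#ifdef _WIN32
#include <windows.h>

// ThreadProc with the documented prototype: DWORD WINAPI f(LPVOID).
// It returns the DWORD its parameter points to, so the creator can confirm
// through GetExitCodeThread that the thread ran and saw its argument.
DWORD WINAPI EchoParamThreadProc(LPVOID lpParameter) {
    if (lpParameter == nullptr) return 0xFFFFFFFFu;
    return *static_cast<DWORD*>(lpParameter);
}

// Runs the routine in the current process with every call checked.
bool runAndCheckThread(DWORD param, DWORD& exitCode) {
    HANDLE hThread = CreateThread(nullptr, 0, EchoParamThreadProc, &param, 0, nullptr);
    if (!hThread) {
        std::printf("CreateThread failed: %lu\n", GetLastError());
        return false;
    }
    bool ok = false;
    if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0) {
        std::printf("WaitForSingleObject failed: %lu\n", GetLastError());
    } else if (!GetExitCodeThread(hThread, &exitCode)) {
        std::printf("GetExitCodeThread failed: %lu\n", GetLastError());
    } else {
        ok = true;
        if (isCrashExitCode(exitCode))
            std::printf("thread died with %s\n", describeThreadExitCode(exitCode).c_str());
    }
    CloseHandle(hThread);
    return ok;
}
#endif

int main() {
    // The value the question reports from GetExitCodeThread: 3221225477.
    uint32_t reported = 3221225477u;
    NtStatusFields f = decodeNtStatus(reported);
    std::printf("exit code %lu = 0x%08X: %s (severity %u, facility 0x%X, code 0x%X)\n",
                (unsigned long)reported, reported, describeThreadExitCode(reported).c_str(),
                f.severity, f.facility, f.code);
#ifdef _WIN32
    DWORD exitCode = 0;
    if (runAndCheckThread(222, exitCode))
        std::printf("in-process thread returned %lu\n", exitCode);
#endif
    return 0;
}
```

    Run on the value from the question, 3221225477 decodes to 0xC0000005 with severity 3, facility 0 and code 5, i.e. STATUS_ACCESS_VIOLATION: the remote thread did terminate, but by an exception inside the copied bytes, which is why the target dies. A thread that actually returned from a conforming ThreadProc shows a small, recognisable value (here 222) instead, which is the check point 4 of the answer asks for.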

  2. rupesh shukla 16 Reputation points
    2021-07-20T15:15:16.347+00:00

    A few additional points.

    1) You are using OpenProcess, but how do you know whether the process is really opened or not? So I will suggest using WaitForSingleObject() to make sure that the process is really opened, or you can also try GetExitCodeProcess() etc.

    2) Before using hProcess in your code, make sure that hProcess is not NULL.

    3) In case of failure, use GetLastError() to know the error.

    In the above code I am not even sure that CreateRemoteThread() is using a valid hProcess parameter. So try the mentioned suggestions and let us know the outcome.

    Thanks

