Ok, now I have a working DLL injector. Injection and function calls are all based on CreateRemoteThread.
Notepad.exe's anticheating protection didn't notice anything.
Later I will set up IPC communication and maybe build a C# wrapper around this thing.
The problem with CreateRemoteThread is its overhead and the danger of interference with the other threads.
Of course I can create a permanent thread, which will process my IPC messages when it's in the signaled state, so the overhead isn't really a big problem.
The second problem I realized (thanks to forum members) is that I will need to call at least some functions on the remote main thread, as they will
need the TLS of the main thread.
Now I'm looking for an elegant way to do this. Here are some variants:
1) Suspend the main thread, store its context, resume in my code, and when finished restore the context and continue as if nothing happened.
This is very dangerous; it will either corrupt the data or run into a deadlock sooner or later.
2) Eventually I may install a thread-local hook (SetWindowsHookEx, WH_CALLWNDPROC).
Do you know if the hook will be executed on the main thread (assuming it's in the same virtual address space and is set up for the main thread)?
If not, I can forget this option.
3) Hook some of the remote functions (I remember EndScene was mentioned) via a small stub routine.
This will make sure that my code is not executed concurrently with the main thread and should keep the data safe.
However, I will need to modify the code section; I think such a modification can be easily detected by a simple CRC check, and probably will be (Warden).
4) Eventually it may be possible to hijack the context (and TLS) of the main thread and execute my own thread with this context.
Even if the function executes correctly, I may lose the changes if they are TLS-specific, as I will need to throw my copy of the TLS away when I'm finished.
It would be great to hear your ideas, maybe even small code snippets.
It's been a long time since I programmed in assembler and native C, but the skills come back fast.
My previous project was reversing a Flash-based online RPG game.
However, in Flash it's much easier to get readable source code and inject your code into the target process.