ASM Question ($)

[Cypher]

I want to see the one, writing a DLL with that range of functions in ASM.

He probably meant the binary would be in ASM (i.e. native) and that you'd write it in C/C++/Delphi/whatever/.

[schlumpf]

I hope so.

[Smarter]

I understand the rules, I am asking how it would be possible, and for a possible example method of calling functions out of an injected DLL with C#? (Psuedo code even). As for the creation of such a DLL, I personally only program in C#, so I will have to purchase that knowledge from someone.

[SKU]

Note that I don't really have the knowledge of injecting DLLs / C++ in general, but I don't think there's much of a difference between calling a function of your own injected dll or calling a function of a 'normal' module of the target's process. (Correct me if I'm wrong. :P)

Inject your DLL into the target process
Find the function(s) you want to call
In this case, I inject a DLL with a simple function that pops up a messagebox.
Call said function via C# (gogo BlackMagic)

Code:

            w.Asm.Clear();
            uint ccCode = w.AllocateMemory(0x1000);
            w.Asm.AddLine("push 0");
            w.Asm.AddLine("call 0x00E11000"); // my msgbox function
            w.Asm.AddLine("retn");
            w.Asm.InjectAndExecute(ccCode);
            w.FreeMemory(ccCode);

Code:

00E11000                              8BC0               MOV EAX,EAX
00E11002                              8BC0               MOV EAX,EAX ; just to find it :P
00E11004                              8BC0               MOV EAX,EAX ; same
00E11006                              8BC0               MOV EAX,EAX ; same
00E11008                              6A 00              PUSH 0
00E1100A                              68 FC41E100        PUSH notepad2.00E141FC                    ; UNICODE "Wut"
00E1100F                              68 0442E100        PUSH notepad2.00E14204                    ; UNICODE "Hi thar"
00E11014                              6A 00              PUSH 0
00E11016                              FF15 9830E100      CALL DWORD PTR DS:[<&USER32.MessageBoxW>] ; USER32.MessageBoxW
00E1101C                              33C0               XOR EAX,EAX
00E1101E                              C2 0400            RETN 4

This is probably a bad way, but it works. Still don't get why you would call this stuff from C# if all the logic is already in your DLL..

[barthen]

So how does one interact with the injected DLL? Via Memory reads at known offsets? Such as: dll injection? in c#... and they said it was impossible

Are there any more "managed" ways of interacting with an injected DLL?

Would EasyHook - The reinvention of Windows API Hooking - Home allow me to get rid of the need for an injected "non-managed" DLL?, by using that to inject my managed DLL?

Well, you can use almost any Interprocess Communications method you can think of to talk to your injected DLL from another process.

Usually people use dll shared memory, named pipes or sockets, but you have many options. Take a look here:
http://msdn.microsoft.com/en-us/library/aa365574(VS.85).aspx

[Smarter]

Thank you everyone.