SamplePayload
Demonstrates various ways to use payloads to communicate information at runtime.
This sample creates two files, payload.exe and payloadtarget.exe.
payload.exe will launch payloadtarget.exe in a suspended state, and then use DuplicateHandle followed by DetourCopyPayloadToProcessEx to inject a payload in payloadtarget.exe containing a handle to the running payload.exe.
payload.exe injects a payload in itself (since the payload is in the current process, the pointer returned by DetourCopyPayloadToProcessEx can be read like a normal pointer), and resumes the target process.
payloadtarget.exe will find the handle of its parent using DetourFindPayloadEx. With this handle, it is able to find the payload that payload.exe injected in itself using DetourFindRemotePayload. It then fills this payload with random data (using WriteProcessMemory), and exits with the same random data as exit code.
If everything goes well, payload.exe will then recognize that both the exit code and random data are identical, and exit with code 0 (code 1 otherwise).
While this example is a bit contrived and not representative of actual real-world use, it demonstrates usage of these APIs and verifies that they are working as intended.
Source is located in the /samples/payload directory.
DetourFindPayloadEx, DetourFindRemotePayload, DetourCopyPayloadToProcessEx.