[fpc-pascal] Remote Thread creation and function calling

Felipe Monteiro de Carvalho felipemonteiro.carvalho at gmail.com
Mon May 17 22:41:57 CEST 2010


Hello,

I have recently worked on a project that required creating a remote
thread in another process. The thread is injected by allocating memory
in the target process and copying my thread as well as some data. This
thread surely needs to call Windows APIs, but curiously direct calls
to kernel32.dll APIs as declared in the Windows unit don't work; but
if I get the address of the function in my main program and pass it to
the remote thread, then it can call it.

This isn't really a problem, because I had read that this is indeed
the case in C too; I am just wondering why this happens. I mean, I
don't see the difference between calling the function from the Windows
unit and the one loaded with GetProcAddress from the remote thread. I
would imagine that both just end up calling the same address?

Note that the subtle thing here is that on Windows the functions from
kernel32.dll are guaranteed to be at the same address in every
application, and that's why I can get the address in the main
application and use it in the remote thread. Or else this thread would
be unable to call APIs. In pseudo code, what I mean is:

This crashes:

function MyRemoteThread(param: PRemoteData): DWord; stdcall;
var
  lib: HMODULE;
begin
  { direct call through the import declared in the Windows unit }
  lib := Windows.LoadLibrary(some params);
end;

But this works:

function MyRemoteThread(param: PRemoteData): DWord; stdcall;
var
  lib: HMODULE;
begin
  { call through a function pointer handed over in the remote data }
  lib := param^.vLoadLibrary(some params);
end;

And vLoadLibrary was filled using GetProcAddress.

thanks,
-- 
Felipe Monteiro de Carvalho
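The difference the message asks about comes from how an imported routine is linked. A direct call to `Windows.LoadLibrary` does not jump into kernel32.dll; it goes to a small jump stub inside the calling executable, which in turn reads the real target out of that executable's import address table (IAT). Neither the stub nor the IAT entry exists at that address inside another process's image, so the copied thread ends up calling unmapped or unrelated memory. `GetProcAddress`, by contrast, returns an address inside kernel32.dll itself, which the message relies on being mapped at the same base in every process. The following program (an added example, not code from the message or from FPC) demonstrates this inside a single process: it prints the two addresses and the module each lives in, and calls through the resolved pointer. It assumes a Free Pascal build targeting Windows; `ImportThunkDemo`, `TLoadLibraryA` and `ModuleContaining` are names chosen for the example, and the expectation that the direct import points into the executable's own image reflects how FPC links imports on Windows.

```pascal
{ Added example (not from the original message): shows why a directly
  imported kernel32 routine and a GetProcAddress result are different
  addresses, even inside one process. Assumes FPC on Windows. }
program ImportThunkDemo;

{$mode objfpc}{$H+}

uses
  Windows, SysUtils;

type
  { Hypothetical procedural type matching LoadLibraryA's signature. }
  TLoadLibraryA = function(lpLibFileName: LPCSTR): HMODULE; stdcall;

function ImportedAddress: Pointer;
begin
  { What a direct call uses: a jump stub in THIS executable's image that
    reads the real target from this module's import address table. }
  Result := @Windows.LoadLibraryA;
end;

function ResolvedAddress: Pointer;
begin
  { An address inside kernel32.dll itself, taken from its export table. }
  Result := GetProcAddress(GetModuleHandle('kernel32.dll'), 'LoadLibraryA');
end;

{ Returns the file name of the module whose mapping contains p. }
function ModuleContaining(p: Pointer): string;
var
  mbi: TMemoryBasicInformation;
  name: array[0..MAX_PATH] of Char;
begin
  Result := '?';
  if VirtualQuery(p, @mbi, SizeOf(mbi)) = 0 then
    Exit;
  if GetModuleFileName(HMODULE(mbi.AllocationBase), name, MAX_PATH) = 0 then
    Exit;
  Result := ExtractFileName(name);
end;

var
  imp, res: Pointer;
  h: HMODULE;
begin
  imp := ImportedAddress;
  res := ResolvedAddress;
  WriteLn('Direct import target : ',
          IntToHex(PtrUInt(imp), SizeOf(Pointer) * 2), '  in ', ModuleContaining(imp));
  WriteLn('GetProcAddress target: ',
          IntToHex(PtrUInt(res), SizeOf(Pointer) * 2), '  in ', ModuleContaining(res));
  { Both routes reach kernel32 from this process, but only the second
    pointer refers to memory that another process maps at the same place. }
  h := TLoadLibraryA(res)('user32.dll');
  WriteLn('Call through resolved pointer succeeded: ', h <> 0);
end.
```

Expect the first line to name the executable itself and the second to name kernel32.dll. The same indirection explains the C behaviour the message mentions: any compiled call to an imported symbol is bound to the importing module's own IAT, so code that is relocated out of that module has to carry or resolve its API pointers some other way.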
