Since I haven't found an answer to the question asked previously here, I'm trying a different approach.
Is there any way to share memory between two processes?
The second process gets the information from an injection since it's a legacy program that is not being supported anymore.
My idea is to inject some code there and, in the struct that I am passing to the injected program, pass the address (or whatever) of the shared memory where the data I need to run is located. Once I get the data I will populate my own variables inside the injected thread.
Is this possible? How?
Code is appreciated.
EDIT:
I think it's not clear so I'll clarify. I do know how to inject. I am doing it already. The issue here is to pass dynamic data to the injection.
The user just writes data to the process memory, and the operating system dumps the data to the file. When two processes map the same file in memory, the memory that one process writes is seen by another process, so memory-mapped files can be used as an interprocess communication mechanism.
File mapping can be used to share a file or memory between two or more processes. To share a file or memory, all of the processes must use the name or the handle of the same file mapping object. To share a file, the first process creates or opens a file by using the CreateFile function.
Two functions shmget() and shmat() are used for IPC using shared memory. shmget() function is used to create the shared memory segment, while the shmat() function is used to attach the shared segment with the process's address space.
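The shmget()/shmat() pattern described above, as an added example that is not code from the original page: a length-prefixed message in a System V segment, where the reader treats the segment as untrusted input and bounds the length before copying. The struct layout and the shm_* helper names are assumptions made for this example; the id returned by shm_create() is what the second process would be handed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define SHM_PAYLOAD_MAX 256

/* Layout both processes agree on (constructed for this example). */
struct shm_msg {
    uint32_t len;                  /* bytes used in data[] */
    char     data[SHM_PAYLOAD_MAX];
};

/* Create a segment only the owning user can read or write (mode 0600). */
int shm_create(void) {
    return shmget(IPC_PRIVATE, sizeof(struct shm_msg), IPC_CREAT | 0600);
}

/* Writer: attach, copy the payload in, detach. Returns 0 on success. */
int shm_publish(int shmid, const void *buf, uint32_t len) {
    if (len > SHM_PAYLOAD_MAX) return -1;
    struct shm_msg *m = shmat(shmid, NULL, 0);
    if (m == (void *)-1) return -1;
    memcpy(m->data, buf, len);
    m->len = len;
    return shmdt(m);
}

/* Reader: the peer can rewrite the segment at any time, so read len
   once and bound it before copying. Returns bytes copied or -1. */
int shm_consume(int shmid, void *out, uint32_t out_cap) {
    const struct shm_msg *m = shmat(shmid, NULL, SHM_RDONLY);
    if (m == (void *)-1) return -1;
    uint32_t len = *(const volatile uint32_t *)&m->len;
    int rc = -1;
    if (len <= SHM_PAYLOAD_MAX && len <= out_cap) {
        memcpy(out, m->data, len);
        rc = (int)len;
    }
    shmdt(m);
    return rc;
}

/* Mark the segment for removal once every process has detached. */
int shm_destroy(int shmid) {
    return shmctl(shmid, IPC_RMID, NULL);
}
```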
Although Windows supports shared memory through its file mapping API, you can't easily inject a shared memory mapping into another process directly, as MapViewOfFileEx does not take a process argument.
However, you can inject some data by allocating memory in another process using VirtualAllocEx and WriteProcessMemory. If you were to copy in a handle using DuplicateHandle, then inject a stub which calls MapViewOfFileEx, you could establish a shared memory mapping in another process. Since it sounds like you'll be injecting code anyway, this ought to work well for you.
To summarize, you'll need to:
You may find it a bit easier if your stub loads an external library - that is, have it simply call LoadLibrary (finding the address of LoadLibrary is left as an exercise to the reader) and do your work from the library's DllMain entry point. In this case using named shared memory is likely to be simpler than futzing around with DuplicateHandle. See the MSDN article on CreateFileMapping for more details, but, essentially, pass INVALID_HANDLE_VALUE for hFile and a name for lpName.
Edit: Since your problem is passing data and not actual code injection, here are a few options.
Edit 2: Here's a sketch of how you might implement handle or pointer storage for your stub:
    .db B8            ;; mov eax, imm32
    .dl handle_value  ;; fill this in (located at the start of the image + one byte)
    ;; handle value is now in eax, do with it as you will
    ;; more code follows...
You could also just use a fixed name, which is probably simpler.