DetourCopyPayloadToProcess
Copy a payload into a target process.
BOOL DetourCopyPayloadToProcess(
    _In_ HANDLE hProcess,
    _In_ REFGUID rguid,
    _In_reads_bytes_(cbData) LPCVOID pvData,
    _In_ DWORD cbData
);
hProcess : Process into which payload should be copied.
rguid : GUID of the specified payload.
pvData : Pointer to payload data.
cbData : Size in bytes of payload data.
Returns TRUE if the payload was successfully copied to the target process; otherwise, returns FALSE.
On failure, DetourCopyPayloadToProcess will return FALSE. Extended error code information may be retrieved by calling GetLastError.
DetourCopyPayloadToProcess allocates a region of memory in the target process using the VirtualAllocEx API. It then uses the WriteProcessMemory API to create an artificial PE binary module in the target memory. In the artificial module, DetourCopyPayloadToProcess creates a .detours section with the specified payload data.
Code in the target process can find the payload by enumerating through all modules using the DetourEnumerateModules API and querying each module for the payload using the DetourFindPayload API.
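The copy and lookup described above, as an added example that is not part of the Detours documentation or source: the parent copies a small configuration record, and the target walks its modules, finds the record by GUID, and checks its size before using it. HookConfig, kConfigGuid, SendConfig and LoadConfig are hypothetical names, and the `#else` branch holds constructed stand-ins for the three Detours calls so the logic also builds without the Windows SDK.

```cpp
#include <cstring>
#ifdef _WIN32
#include <windows.h>
#include <detours.h>
#else  // constructed stand-ins (NOT Detours): one fake module holding one payload
#include <cstdint>
typedef int BOOL; typedef uint32_t DWORD; typedef void *HANDLE, *HMODULE, *PVOID;
typedef const void *LPCVOID;
struct GUID { uint32_t a; uint16_t b, c; uint8_t d[8]; };
typedef const GUID &REFGUID;
static GUID s_id; static unsigned char s_buf[64]; static DWORD s_cb; static int s_mod;
BOOL DetourCopyPayloadToProcess(HANDLE, REFGUID g, LPCVOID p, DWORD cb) {
    if (cb > sizeof s_buf) return 0;
    s_id = g; std::memcpy(s_buf, p, cb); s_cb = cb; return 1;
}
HMODULE DetourEnumerateModules(HMODULE last) { return last ? nullptr : &s_mod; }
PVOID DetourFindPayload(HMODULE, REFGUID g, DWORD *pcb) {
    if (!s_cb || std::memcmp(&g, &s_id, sizeof g)) return nullptr;
    if (pcb) *pcb = s_cb;
    return s_buf;
}
#endif

// Hypothetical payload layout and GUID, constructed for this example.
struct HookConfig { DWORD version; DWORD flags; };
static const GUID kConfigGuid = {0x0f3a6c11, 0x7b2e, 0x4d58,
                                 {0x9a, 0x41, 0x5c, 0x2e, 0x80, 0x17, 0xd3, 0x6b}};

// Parent side: hProcess needs PROCESS_VM_OPERATION and PROCESS_VM_WRITE access.
bool SendConfig(HANDLE hProcess, const HookConfig &cfg) {
    return DetourCopyPayloadToProcess(hProcess, kConfigGuid, &cfg,
                                      static_cast<DWORD>(sizeof cfg)) != 0;
}

// Target side: walk every module and ask each one for the payload.
bool LoadConfig(HookConfig *out) {
    for (HMODULE h = nullptr; (h = DetourEnumerateModules(h)) != nullptr;) {
        DWORD cb = 0;
        PVOID p = DetourFindPayload(h, kConfigGuid, &cb);
        if (p == nullptr) continue;            // this module has no such payload
        if (cb != sizeof *out) return false;   // reject unexpected size before copying
        std::memcpy(out, p, sizeof *out);
        return out->version == 1;              // accept only the known layout version
    }
    return false;
}
```

When SendConfig returns false on Windows, call GetLastError immediately for the extended error code.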