Question

The reason I want to do this is this: I have a C# WinForms app and a C++ DLL that will be injected into another process. From the C# app I want to call CreateRemoteThread() with the address of the non-member function inside of the remote process's address space. I have a MemoryMappedFile set up to allow the DLL and the app to share a structure containing whatever variables I want; currently it only contains:

DWORD AddressOfDllFunction;

If DWORD is not the best type to use here then I am open to a different type; I just want to be sure there is enough space in the variable to hold the pointer. The C# version of the struct contains the same variable except its type is IntPtr. The remote process is a 32-bit process, but if I can get 64-bit support for free that would be nice too. I tried to do:

struct->AddressOfDllFunction = DllFunction; 

but that does not work. I tried playing around with it and some type casting to no avail. All the searching I did was people looking to do the same but with member functions, which I gleaned is not possible because you need the address of the object instance and the function. I feel like this is very simple and I am missing something obvious. I'm pretty new to C++; although I've been using .NET for a long time, I almost never used pointers. To summarize, I need the variable in the struct's data type to be able to be automatically interpreted as an IntPtr when read from the MMF in C#, and I need the contents of that variable to be the address of the DLL function in the remote process's address space.

Thanks for reading, any and all constructive help is appreciated!


Solution

You should use a pointer rather than a DWORD. On the C# side IntPtr is probably fine. Perhaps a delegate would be better. Hard to tell for sure with no code.

On the C++ side you could use void* but better might be a properly typed function pointer:

typedef DWORD (__stdcall *ThreadProc)(void*);

Rather than defining this yourself you can use LPTHREAD_START_ROUTINE.

Any of these options will work for both 32 and 64 bit.

However, do note that the injected DLL must have the same bitness as the target process. You cannot inject a 64-bit DLL into a 32-bit process, or vice versa. What's more, you cannot inject into a 64-bit process by calling CreateRemoteThread from a 32-bit process.
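The width question at the heart of the answer (DWORD is always 32 bits, a pointer is not) is easy to check in a few lines. The following is an added example written for this page, not code from the question or the answer. It assumes portable stand-ins for the Windows names so it compiles on any C toolchain: `Dword` in place of DWORD, `ThreadProc` in place of LPTHREAD_START_ROUTINE (with `__stdcall` omitted), `uintptr_t` as the C-side twin of C#'s IntPtr, and a plain `SharedBlock` struct in place of the memory-mapped structure. It only stores and recovers a non-member function's address locally; it does not touch another process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the Windows types named in the answer
 * (assumption: no <windows.h>, so the block builds anywhere). */
typedef uint32_t Dword;                    /* DWORD is 32 bits on every Windows build */
typedef uint32_t (*ThreadProc)(void *);    /* shape of LPTHREAD_START_ROUTINE, minus __stdcall */

/* The shared structure from the question, with the address field widened
 * from DWORD to a pointer-sized integer. uintptr_t matches IntPtr on the
 * C# side: both are 4 bytes in a 32-bit process and 8 in a 64-bit one. */
struct SharedBlock {
    uintptr_t AddressOfDllFunction;
};

/* A plain non-member function with the thread-procedure signature. */
static uint32_t DllFunction(void *param) {
    (void)param;
    return 7;
}

/* Store the address: take it as the typed function pointer, then widen to
 * uintptr_t. Casting a function pointer to an integer is implementation-
 * defined in ISO C, but every mainstream ABI preserves it exactly. */
void store_address(struct SharedBlock *block) {
    ThreadProc fn = DllFunction;
    block->AddressOfDllFunction = (uintptr_t)fn;
}

/* Recover the typed pointer from the block and call through it. */
uint32_t call_through_block(const struct SharedBlock *block) {
    ThreadProc fn = (ThreadProc)block->AddressOfDllFunction;
    return fn(NULL);
}

/* Full round trip: store, then call. Returns the callee's result (7). */
uint32_t store_and_call(void) {
    struct SharedBlock block;
    store_address(&block);
    return call_through_block(&block);
}

/* 1 if a DWORD field could hold this platform's function pointers, 0 if it
 * would silently truncate them (the usual situation in a 64-bit build). */
int dword_is_wide_enough(void) {
    return sizeof(Dword) >= sizeof(ThreadProc);
}

/* 1 if the pointer-sized field gives back exactly the address stored. */
int uintptr_round_trips(void) {
    struct SharedBlock block;
    store_address(&block);
    return (ThreadProc)block.AddressOfDllFunction == DllFunction;
}

int main(void) {
    printf("sizeof(Dword)=%zu sizeof(ThreadProc)=%zu sizeof(uintptr_t)=%zu\n",
           sizeof(Dword), sizeof(ThreadProc), sizeof(uintptr_t));
    printf("DWORD wide enough: %d, uintptr_t round-trips: %d, call result: %u\n",
           dword_is_wide_enough(), uintptr_round_trips(), store_and_call());
    return 0;
}
```

Build it once as 32-bit and once as 64-bit: `dword_is_wide_enough()` flips from 1 to 0 while `uintptr_round_trips()` stays 1, which is the whole reason the answer steers away from DWORD. On the C# side, declare the field as IntPtr and read it with `MemoryMappedViewAccessor.Read` so the managed layout tracks the same pointer width.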

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow