Another suggestion for an alternative implementation is to use Windows named
pipes.
/Staffan
On 10 Oct 2014, at 12:54, Thomas Stüfe wrote:
> Thanks for answering and clarifying the history!
>
> It seems after reading up on it, that kernel32.dll has a fixed base address
> and therefore is alwa
Thanks for answering and clarifying the history!
It seems after reading up on it, that kernel32.dll has a fixed base address
and therefore is always loaded to the same base, system wide. If that is
true, at least handing over addresses to GetProcAddress() etc from injector
to target VM should alwa
On 09/10/2014 02:17, Thomas Stüfe wrote:
:
I would love to know why we do it this way. I am sure there is a valid
reason for it. Maybe backward compatibility?
This was a very typical way for debugging utilities to work at the time.
It was never intended of course to be used to attach to non
I completely agree that this code is extremely fragile and quite “hacky” -
there is no use defending (except that it works most of the time). If we can
come up with a better solution that allows us to attach to a running process, I
am all for it. Perhaps shared memory and a shared mutex could be