I'm wondering about the LPVOID lpParameter parameter of the CreateRemoteThread function. Because processes don't share memory, the remote thread can't access a struct in our process. So, does the function copy the parameter and manages it by it own or do we need to allocate memory with VirtualAllocEx and then call WriteProcessMemory to actually copy the struct into the remote process?
Asked
Active
Viewed 604 times
3
Cœur
- 37,241
- 25
- 195
- 267
Sebastian Hoffmann
- 11,127
- 7
- 49
- 77
1 Answers
2
CreateRemoteThread does not do any automatic management of lpParameter. You are correct, it is up to the developer to ensure that lpParameter is a valid pointer in the context of the target process. VirtualAllocEx and WriteProcessMemory are definitely options for doing so.
Aaron Klotz
- 11,287
- 1
- 28
- 22
-
Note also that the parameter doesn't actually have to be a pointer. If you only need to pass a single parameter (and it will fit) you can cast it to LPVOID and back again. An example might be passing a handle you've copied into the target process using DuplicateHandle. – Harry Johnston Jun 11 '12 at 19:55