BlackBone
Windows memory hacking library
 All Classes Functions
Public Member Functions | Friends | List of all members
blackbone::RemoteExec Class Reference

Public Member Functions

BLACKBONE_API RemoteExec (class Process &proc)
 
BLACKBONE_API NTSTATUS CreateRPCEnvironment (bool bThread=true, bool bEvent=true)
 Create environment for future remote procedure calls More...
 
BLACKBONE_API NTSTATUS ExecInNewThread (PVOID pCode, size_t size, uint64_t &callResult)
 Create new thread and execute code in it. Wait until execution ends More...
 
BLACKBONE_API NTSTATUS ExecInWorkerThread (PVOID pCode, size_t size, uint64_t &callResult)
 Execute code in context of our worker thread More...
 
BLACKBONE_API NTSTATUS ExecInAnyThread (PVOID pCode, size_t size, uint64_t &callResult, Thread &thread)
 Execute code in context of any existing thread More...
 
BLACKBONE_API DWORD ExecDirect (ptr_t pCode, ptr_t arg)
 Create new thread with specified entry point and argument More...
 
BLACKBONE_API void AddReturnWithEvent (AsmHelperBase &a, eModType mt=mt_default, eReturnType retType=rt_int32, uint32_t retOffset=RET_OFFSET)
 Generate return from function with event synchronization More...
 
BLACKBONE_API NTSTATUS GetLastStatus ()
 Retrieve last NTSTATUS code More...
 
BLACKBONE_API void TerminateWorker ()
 Terminate existing worker thread More...
 
BLACKBONE_API ThreadgetWorker ()
 Get worker thread More...
 
BLACKBONE_API class ProcessMemorymemory ()
 Ge memory routines More...
 
BLACKBONE_API void reset ()
 Reset instance More...
 

Friends

template<typename Fn >
class RemoteFuncBase
 

Member Function Documentation

void blackbone::RemoteExec::AddReturnWithEvent ( AsmHelperBase a,
eModType  mt = mt_default,
eReturnType  retType = rt_int32,
uint32_t  retOffset = RET_OFFSET 
)

Generate return from function with event synchronization

Parameters
aTarget assembly helper
mt32/64bit loader
retTypeFunction return type
retOffsetReturn value offset
NTSTATUS blackbone::RemoteExec::CreateRPCEnvironment ( bool  bThread = true,
bool  bEvent = true 
)

Create environment for future remote procedure calls

_userData layout (x86/x64):

| Internal return value | Return value | Last Status code | Event handle | Space for copied arguments and strings |

| 8/8 bytes | 8/8 bytes | 8/8 bytes | 16/16 bytes | |

Parameters
bThreadCreate worker thread
bEventCreate sync event for worker thread
Returns
Status
DWORD blackbone::RemoteExec::ExecDirect ( ptr_t  pCode,
ptr_t  arg 
)

Create new thread with specified entry point and argument

Parameters
pCodeEntry point
argThread function argument
Returns
Thread exit code
NTSTATUS blackbone::RemoteExec::ExecInAnyThread ( PVOID  pCode,
size_t  size,
uint64_t &  callResult,
Thread thd 
)

Execute code in context of any existing thread

Parameters
pCodeCde to execute
sizeCode size.
callResultExecution result
thdTarget thread
Returns
Status
NTSTATUS blackbone::RemoteExec::ExecInNewThread ( PVOID  pCode,
size_t  size,
uint64_t &  callResult 
)

Create new thread and execute code in it. Wait until execution ends

Parameters
pCodeCode to execute
sizeCode size
callResultCode return value
Returns
Status
NTSTATUS blackbone::RemoteExec::ExecInWorkerThread ( PVOID  pCode,
size_t  size,
uint64_t &  callResult 
)

Execute code in context of our worker thread

Parameters
pCodeCde to execute
sizeCode size.
callResultExecution result
Returns
Status
BLACKBONE_API NTSTATUS blackbone::RemoteExec::GetLastStatus ( )
inline

Retrieve last NTSTATUS code

Returns
BLACKBONE_API Thread* blackbone::RemoteExec::getWorker ( )
inline

Get worker thread

Returns
BLACKBONE_API class ProcessMemory& blackbone::RemoteExec::memory ( )
inline

Ge memory routines

Returns
void blackbone::RemoteExec::reset ( )

Reset instance

void blackbone::RemoteExec::TerminateWorker ( )

Terminate existing worker thread

The documentation for this class was generated from the following files: