I have injected inside another application and I have this "user call" function I want to call. So I've written a simple ASM wrapper that just aligns up my params on the right registers and calls the function.
This is my code for placing my ASM bytes into the application.
ASMWrapper = Marshal.AllocCoTaskMem(asm.Length);
Marshal.Copy(asm, 0, ASMWrapper, asm.Length);
After this I just register a delegate at this location and I'm good to go. Now the funny thing is that this works on 4 out of my 5 tested computers, and the last one I've tried to format and install with a clean Windows 7 Ultimate. Just like the other computers. It still doesn't work.
What I can do though, is using WriteProcessMemory to just write my ASM code. If I do this it works, since then I can place the code where the original code is.
Is there anyone who knows why it behaves like this? I would prefer using the AllocCoTaskMem way to place my asm instead of trying to find somewhere to place it manually.
Nothing short of VirtualAlloc or VirtualProtect can give you a memory block that's both writable and executable. Use
VirtualAlloc(0, Size, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
Neither of the allocators that you use allows execution of the memory they allocate.
The crash is contingent upon the system and BIOS settings for data execution prevention (DEP), and whether the CPU supports it. But pervasive DEP is where the industry is going, might as well play nice with it.
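A diagnostic for the point made in the answer, added here as an example and not part of the original posts: it uses VirtualQuery to print the page protection of an AllocCoTaskMem block next to a VirtualAlloc block. As a variation on the answer's PAGE_EXECUTE_READWRITE call, the VirtualAlloc block is written as PAGE_READWRITE and then switched to PAGE_EXECUTE_READ with VirtualProtect, so it is never writable and executable at the same time. The class name, the Report helper and the one-byte asm placeholder are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class ExecMemoryCheck // hypothetical name, not from the original posts
{
    const uint MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, MEM_RELEASE = 0x8000;
    const uint PAGE_READWRITE = 0x04, PAGE_EXECUTE_READ = 0x20;
    const uint EXEC_MASK = 0xF0; // PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress, AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize;
        public uint State, Protect, Type;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualAlloc(IntPtr addr, UIntPtr size, uint type, uint protect);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool VirtualProtect(IntPtr addr, UIntPtr size, uint protect, out uint old);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool VirtualFree(IntPtr addr, UIntPtr size, uint freeType);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern UIntPtr VirtualQuery(IntPtr addr, out MEMORY_BASIC_INFORMATION mbi, UIntPtr len);

    static void Report(string name, IntPtr p) // print the protection of the page holding p
    {
        MEMORY_BASIC_INFORMATION mbi;
        var len = (UIntPtr)(uint)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
        if (VirtualQuery(p, out mbi, len) == UIntPtr.Zero) throw new Win32Exception();
        Console.WriteLine("{0}: protect=0x{1:X2} executable={2}",
            name, mbi.Protect, (mbi.Protect & EXEC_MASK) != 0);
    }

    static void Main()
    {
        byte[] asm = { 0xC3 }; // constructed placeholder (a lone RET); never called here
        IntPtr heap = Marshal.AllocCoTaskMem(asm.Length); // the question's allocator
        Report("AllocCoTaskMem", heap);
        Marshal.FreeCoTaskMem(heap);
        var size = (UIntPtr)(uint)asm.Length;
        IntPtr code = VirtualAlloc(IntPtr.Zero, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
        if (code == IntPtr.Zero) throw new Win32Exception();
        Marshal.Copy(asm, 0, code, asm.Length); // write while the page is still read/write
        if (!VirtualProtect(code, size, PAGE_EXECUTE_READ, out uint old)) throw new Win32Exception();
        Report("VirtualAlloc + VirtualProtect", code);
        VirtualFree(code, UIntPtr.Zero, MEM_RELEASE);
    }
}
```

Running this on each test machine shows the protection flags each allocator hands back, independent of whether DEP is enforced for the process on that machine.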