On Sun, Jul 04, 2010 at 10:04:01AM +0400, Илья Басин wrote:
> One widely used dll injection technique is copying the dll path to the
> target process memory and calling CreateRemoteThread() using the address of
> LoadLibraryA as lpStartAddress. This relies on the fact that all processes
> have the
One widely used dll injection technique is copying the dll path to the
target process memory and calling CreateRemoteThread() using the address of
LoadLibraryA as lpStartAddress. This relies on the fact that all processes
have the same base address of kernel32.dll (and some other system dlls).
On W
Unfortunately, this is a FAQ, so I've added it. I based the answer on
the last time this came around on wine-users; I'm not a developer, so
please sanity-check what I wrote! Hopefully this will be useful in
dealing with the actual problems people think they can solve by doing
this.
http://wiki.win
Just went through the FAQ, copyediting, tweaking and bringing things
into the present:
http://wiki.winehq.org/FAQ?action=diff&rev2=347&rev1=346
Please sanity-check :-)
- d.
On 07/01/2010 12:55 PM, Hayan Lee wrote:
> Wine doc says relay supports user32, ntdll, etc, but not gdi32.
> However when I run wine, some gdi32 calls are caught, e.g, CreateBitmap()
> But some aren't caught, e.g, CreateBitmapIndirect()
See RelayFromExclude in http://wiki.winehq.org/UsefulRegistryK
