  1. I have a program in C++ running on a computer and cannot change the code (but I can see the source code).
  2. Now, I want to call some methods from this running program/process using my C# project.
  3. The C++ program changes its objects at runtime, so importing the DLL is not helpful in this case.

What is the best practice? Is it possible to get that process (by Process.GetProcessesByName) and somehow call a function of it in my C# project?

Parda
  • I don't know if that's even possible, but be aware that you could very very likely disrupt internal states of the software by just calling some code of an executable out of order without its knowledge and without well-defined interfaces. – PhilMasteG Jun 21 '18 at 10:01
  • Yes, it is possible to inject yourself into another process... You can inject a DLL into the process space, create a remote thread in that process and make this DLL run. Then the DLL can act "alone" or it can be "directed" from your program (communicating with it through an inter-process communication method). Writing this DLL in .NET is a bad thing, because you have to bring the whole .NET runtime with you into the target process. – xanatos Jun 21 '18 at 10:05
  • See [here](https://www.codeproject.com/Articles/4610/Three-Ways-to-Inject-Your-Code-into-Another-Proces) for a little theory. – xanatos Jun 21 '18 at 10:06
  • Old similar question: https://stackoverflow.com/q/8195504/613130 – xanatos Jun 21 '18 at 10:07
  • If you look around for "inject c# other process" you'll find much theory, little practice. – xanatos Jun 21 '18 at 10:09
  • Does the program provide any public interface (e.g., COM or DLLEXPORT) ? – Emond Jun 21 '18 at 10:11

1 Answer

If the function has 1 argument you can call the function by using CreateRemoteThread() and passing the single argument in the lpParameter parameter. Pass the address of the function in lpStartAddress.

If the function takes multiple arguments you cannot call it externally using CreateRemoteThread().

To get the address of the function you can use GetProcAddress(), which you will need to P/Invoke, but this only works if the function is exported.

If it's not exported, you can hardcode the address which you find by reverse engineering.

GuidedHacking
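
For the defender's side of the CreateRemoteThread() call described in the answer above, this added example (not code from the question, the answer or any project mentioned) triages Sysmon Event ID 8 (CreateRemoteThread) records by whether the thread's start address resolved to an exported function, to an unexported address inside a module, or to no module at all. It assumes Sysmon is logging Event ID 8 and writes "-" in fields it could not resolve; the sample events, image paths, addresses and the function name `DoWork` are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(event_id, **fields):
    """Build a constructed Sysmon-style event (sample data, not a real capture)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

# Constructed samples: hypothetical image paths, addresses and function name.
_PAIR = dict(SourceImage=r"C:\Tools\Caller.exe", TargetImage=r"C:\App\Target.exe")
SAMPLES = [
    _event(8, **_PAIR, StartAddress="0x00007FF6A1B21000",
           StartModule=r"C:\App\Target.exe", StartFunction="DoWork"),
    _event(8, **_PAIR, StartAddress="0x00007FF6A1B24A10",
           StartModule=r"C:\App\Target.exe", StartFunction="-"),
    _event(8, **_PAIR, StartAddress="0x000001F2C0DE0000",
           StartModule="-", StartFunction="-"),
    _event(1, Image=r"C:\Tools\Caller.exe"),  # process creation, not a remote thread
]

def parse(xml_text):
    """Return (event_id, {field name: value}) for one event record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def classify_remote_thread(xml_text):
    """Classify an Event ID 8 record by how its start address resolved; None otherwise."""
    event_id, d = parse(xml_text)
    if event_id != 8:
        return None
    present = lambda key: d.get(key, "").strip() not in ("", "-")  # "-" assumed to mean unresolved
    if present("StartFunction"):
        kind = "exported-function"             # address found via the export table
    elif present("StartModule"):
        kind = "unexported-address-in-module"  # the hardcoded-address case
    else:
        kind = "no-backing-module"             # start address not inside a loaded image
    return {"source": d.get("SourceImage"), "target": d.get("TargetImage"),
            "start": d.get("StartAddress"), "kind": kind}

def triage(events):
    """Keep only remote-thread events, each with its classification."""
    return [r for r in map(classify_remote_thread, events) if r]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```
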