Inject sleep() into a function of an external process

Question

I know how to inject a DLL into a running process and also how to utilize functions used internally by the process e.g.

void__stdcall remoteMethod(unsigned short id)
{
typedef void (__stdcall *pFunctionAddress)(unsigned short);
pFunctionAddress pMyFunction = (pFunctionAddress)(0xCAFEBABE);
pMyFunction(id);
}

Now i want to add a sleep() into an existing method in the running process - this is the main loop of the program and doesnt stop for a sec and uses up all processing power.

I know that with frameworks like detours i could make a trampoline function which calls my function and then the original one - however my problem is that the while(1) loop is somewhere within the function of the external process. So i know the offset where the loop starts - and after that i would like to first call sleep() and then continue with the normal route of the loop.

The only alternative i saw so far is binary editing the program but this is not a good solution.

Any suggestion? Thanks

+1 for trying to `sleep()` with the `0xCAFEBABE`. – Justin ᚅᚔᚈᚄᚒᚔ Aug 19 '11 at 15:34 — Justin ᚅᚔᚈᚄᚒᚔ, Aug 19 '11 at 15:34

score 3 · Accepted Answer · answered Aug 19 '11 at 19:58

3

I think you are trying to be too cute here. Just call SuspendThread/ResumeThread alternately on a timer. I know it's ugly, but you aren't going to enter your solution in any beauty pageant I suspect.

answered Aug 19 '11 at 19:58

David Heffernan

601,492
42
1,072
1,490

1

Agreed. Or much simpler: start the process with start.exe /low – Hans Passant Aug 19 '11 at 20:03
Thats a nice idea - how do i get the main thread from binary if i inject my dll into it? – Steve Aug 19 '11 at 22:57
If you have the main window handle you can call GetWindowThreadProcessId. – David Heffernan Aug 20 '11 at 07:00
What if it does? You need to find the miscreants and go to work on them. – David Heffernan Aug 20 '11 at 11:18

score 2 · Answer 2 · answered Aug 19 '11 at 20:04

2

Post the name of the spin-waiting program.
Wait for SO-ers to send hate mail to the developer.
Install the update the developer sends you as a bribe to stop the hate mail.

answered Aug 19 '11 at 20:04

Ben Voigt

277,958
43
419
720

score 1 · Answer 3 · answered Aug 19 '11 at 15:33

1

In principle, as long as you've been executed once within the space of the other process, and you know that the loop isn't executing, then you could enabling writing to text pages and patch the actual loop code in situ. You'll need a few redundant bytes to write a call to your function over (extending the function will need a lot of rewriting as all relative offsets will break).

This is not, however, terribly easy nor terribly robust. Consider why you want to to this, and if you can achieve the goal another way.

answered Aug 19 '11 at 15:33

Adam Wright

48,938
12
131
152

as i said my goal is that the target process does not consume all cpu on one core because of some lousy programming which does a while(1) without sleep i might be able to indicate some unneeded function call in the loop like a printF which i could replace with a sleep so that the stack pointer etc is not influenced since the functions size isnt altered – Steve Aug 19 '11 at 17:21
2

How have you determined that the program has a while(1) loop that does nothing? Can't you just `nice` the process down the scheduler priority, if you're worried about unresponsiveness? – Adam Wright Aug 19 '11 at 17:39

Inject sleep() into a function of an external process

3 Answers3