I answered an interesting StackOverflow question today and thought it was kinda neat, so I'll share it with the GH homies here. Basically he wants to write asm to a process without knowing the bytes.
You can write your assembly inside of a __declspec(naked) function and use WriteProcessMemory to write data into the external process, using the inline assembly function as the source. This is nice if you just need to inject some shell code real fast and don't want to convert it by hand or using a disassembler.
Here is an example that writes from the assembly into a local buffer:
A nice way, but in my opinion using bytes is easier and better when it comes to more complicated hooks, because those dummy functions are by default read/execute only. That means you won't be able to change any of the opcodes (e.g. to update addresses or offsets at runtime). Also, inline asm isn't supported in the free Visual Studio versions when building x64 apps. I prefer this way:
That way I have full control over the amount of bytes and the EXACT instructions being used (no stupid optimizations or weird behaviour on different compilers), and I can hotfix addresses.
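As an added example (not code from either post above), here is what the byte-array approach looks like in C when you need to hotfix addresses at runtime: an x64 `mov rax, imm64 ; call rax ; ret` stub whose 8-byte immediate is patched in, plus a `jmp rel32` builder that computes the displacement from source to target and refuses out-of-range targets. The encoding offsets, the stub layout and the `inject_bytes` helper (a plain VirtualAllocEx/WriteProcessMemory wrapper, compiled only on Windows) are my own choices, and the target addresses in `main` are made-up values for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* x64 stub:  mov rax, imm64 ; call rax ; ret
   The 8-byte immediate is a placeholder that gets patched at runtime,
   which is exactly what you cannot do with a read/execute-only
   __declspec(naked) function. (Stub layout chosen for this example.) */
static const uint8_t kCallAbsStub[] = {
    0x48, 0xB8, 0, 0, 0, 0, 0, 0, 0, 0,   /* mov rax, imm64  (imm at offset 2) */
    0xFF, 0xD0,                           /* call rax */
    0xC3                                  /* ret */
};
#define CALLABS_IMM_OFFSET 2

/* Write an immediate little-endian, byte by byte, so this does not depend
   on the host's endianness or on unaligned stores. */
static void put_le(uint8_t *dst, uint64_t value, size_t nbytes) {
    for (size_t i = 0; i < nbytes; i++)
        dst[i] = (uint8_t)(value >> (8 * i));
}

/* Copy the stub into out and patch the absolute target address.
   Returns the number of bytes produced, or 0 if out is too small. */
size_t build_call_abs(uint8_t *out, size_t cap, uint64_t target) {
    if (cap < sizeof kCallAbsStub) return 0;
    memcpy(out, kCallAbsStub, sizeof kCallAbsStub);
    put_le(out + CALLABS_IMM_OFFSET, target, 8);
    return sizeof kCallAbsStub;
}

/* E9 rel32: displacement is relative to the end of the 5-byte instruction,
   i.e. rel = target - (src + 5). Returns 5 on success, 0 if the target is
   outside the +/-2 GiB reach of a rel32 (the usual x64 hook pitfall). */
int build_jmp_rel32(uint8_t *out, uint64_t src, uint64_t target) {
    int64_t rel = (int64_t)(target - (src + 5));
    if (rel > INT32_MAX || rel < INT32_MIN) return 0;
    out[0] = 0xE9;
    put_le(out + 1, (uint64_t)(uint32_t)(int32_t)rel, 4);
    return 5;
}

#ifdef _WIN32
#include <windows.h>
/* Allocate RWX memory in the target process and copy the assembled bytes in.
   Returns the remote address, or NULL on failure. */
void *inject_bytes(HANDLE proc, const uint8_t *code, size_t len) {
    void *remote = VirtualAllocEx(proc, NULL, len, MEM_COMMIT | MEM_RESERVE,
                                  PAGE_EXECUTE_READWRITE);
    if (!remote) return NULL;
    SIZE_T written = 0;
    if (!WriteProcessMemory(proc, remote, code, len, &written) || written != len) {
        VirtualFreeEx(proc, remote, 0, MEM_RELEASE);
        return NULL;
    }
    return remote;
}
#endif

int main(void) {
    uint8_t buf[32];
    /* Made-up addresses: a hook function and a hook site in a hypothetical target. */
    const uint64_t hook_fn   = 0x0000000140001000ULL;
    const uint64_t hook_site = 0x00000001400A5F20ULL;

    size_t n = build_call_abs(buf, sizeof buf, hook_fn);
    printf("call-abs stub (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", buf[i]);
    printf("\n");

    int m = build_jmp_rel32(buf, hook_site, hook_fn);
    printf("jmp rel32 (%d bytes):", m);
    for (int i = 0; i < m; i++) printf(" %02X", buf[i]);
    printf("\n");
    return 0;
}
```

Because the bytes live in a writable array, re-patching for a different target is just another `put_le` at the known offset; the size is `sizeof kCallAbsStub`, so there is no need to guess the length of a compiled function.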
In this case using OpenProcess isn't necessary; GetCurrentProcess returns the current handle with process_all_access by default.
No and no.
Let's take a quick look at GetCurrentProcess disassembled:
As you can see GetCurrentProcess doesn't even create a handle object nor do the returned F's refer to a (kernel) handle object.
When you call some API which requires a process handle and you pass -1 to it the kernel will simply perform the actions on the caller process.
Same for GetCurrentThread:
The only difference is that the value for the current thread is -2.