
CreateProcess the victim with CREATE_SUSPENDED, do whatever code patching, then ResumeThread it. Pretty sure you can even CreateRemoteThread into the victim for DLL injection, since it just suspends the primary thread, and then patch "yourself" in DllMain instead of having to do remote memory calls.


Alternatively, give frida a go. It handles all the hard parts for you magically and then you get to instrument the binary with JavaScript :) Mixing dynamic and static techniques is really powerful.



