First of all, I want to thank you for the marvellous work you are doing with MHS here.
Now to the problem. In the following snippet:
Code:
bool result;
REMOTE_CALL_RETURN ret;
LPVOID FuncAddr=0x00abcdef; //all real addresses are masked
DWORD Extra=RCE_NOTHING; //RCE_STDCALL also not working
int fparms=1;
int plindex=0xff;
UINT register [MHS_EDI+1]; //register values passed to the remote call, indexed by MHS_EAX..MHS_EDI
register [MHS_EAX]=0xff;
register [MHS_EBX]=0x123456;
register [MHS_ECX]=0x654321;
register [MHS_EDX]=0x234567;
register [MHS_ESI]=0x345678;
register [MHS_EDI]=0x456789;
PrintF("&ret:[%p], FuncAddr:[%p], Extra:[%p], register:[%p], fparms:[%p], plindex:[%p]",&ret, FuncAddr, Extra, register, fparms, plindex);
result = CallRemoteFunction(&ret, FuncAddr, Extra, register, fparms, plindex);
PrintF("Result:%d Ret:%p", result, ret.uiPtr);
Immediately after the code is compiled with F5 in the Script Editor, the function at the address FuncAddr is correctly called and everything is working fine: "result" is 1 and "ret" is populated. But after exiting MHS and re-entering it, attaching to the process and starting the script (without recompiling), the function at FuncAddr is not called anymore ("result" is 0, and "ret" is of course not populated). I have checked this with OllyDbg by setting a breakpoint on the address FuncAddr: no call is made from MHS (as opposed to the first case, when everything is working fine, where the breakpoint is hit and can be traced). Only when I compile the script with F5 again does the function call work again.
It seems to me that, when exiting the MHS application, not everything relevant for supplying and executing CallRemoteFunction is saved in the script.
Best regards,
danny