The purpose of this repo is to house two projects that work together to demonstrate dynamically calling a function in a target process given only its address.
The "Target Process" project contains the function that will be called remotely from the "External Caller" project. When run, this program prints the address of that function relative to the base of the process. This offset is then defined inside "External Caller" and is used to calculate the absolute address of the function to call.
The "External Caller" project is the application that actually generates the shellcode, writes it into the target process and executes it there.
Given the function to be called inside of "Target Process":

```cpp
void functionToRemotelyCall(int a, bool b, std::string c);
```

Arguments can be dynamically generated and used to execute the function:

```cpp
std::vector<Arg> args = {
    { T_INT, &a },
    { T_BOOL, &b },
    { T_STRING, &c },
};

call(pHandle, args, T_VOID, functionAddress);
```

The application calculates the absolute address of the function from its relative address (the offset printed by "Target Process") and the base address of the target process.
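The following is an added example, not code from this repo, showing one way a call stub like the one above can be assembled from an argument list. It assumes a 32-bit x86 target using the cdecl convention, that a string argument has already been written into the target as a NUL-terminated buffer and is passed as its remote pointer (a by-value `std::string` parameter is ABI-specific and is not modelled here), and that writing the stub into the target and running it (for example with WriteProcessMemory and CreateRemoteThread) is done separately. The names `CallArg`, `A_INT`/`A_BOOL`/`A_PTR`, `absoluteAddress` and `buildCdeclCallStub` are this example's own, not the project's API.

```cpp
#include <cstdint>
#include <vector>

// Argument kinds for the stub builder (this example's own names, not the project's).
enum ArgType { A_INT, A_BOOL, A_PTR };

struct CallArg {
    ArgType  type;
    uint32_t value;   // integer value, 0/1 for a bool, or a remote address for A_PTR
};

// Appends a 32-bit little-endian immediate to the code buffer.
static void emit_u32(std::vector<uint8_t>& code, uint32_t v) {
    for (int i = 0; i < 4; ++i)
        code.push_back(static_cast<uint8_t>(v >> (8 * i)));
}

// Absolute address of the function: module base of the target plus the relative
// offset that "Target Process" prints at startup.
uint32_t absoluteAddress(uint32_t moduleBase, uint32_t relativeOffset) {
    return moduleBase + relativeOffset;
}

// Builds a 32-bit x86 cdecl call stub:
//   push argN ... push arg1 ; mov eax, fn ; call eax ; add esp, 4*N ; ret
// Assumption: cdecl (arguments pushed right-to-left, caller cleans the stack).
std::vector<uint8_t> buildCdeclCallStub(const std::vector<CallArg>& args, uint32_t fnAddress) {
    std::vector<uint8_t> code;

    // Right-to-left: the last argument in the list is pushed first.
    for (auto it = args.rbegin(); it != args.rend(); ++it) {
        uint32_t imm = it->value;
        if (it->type == A_BOOL) imm = imm ? 1u : 0u;   // normalise bool to 0/1
        code.push_back(0x68);                          // push imm32
        emit_u32(code, imm);
    }

    code.push_back(0xB8);                              // mov eax, imm32
    emit_u32(code, fnAddress);
    code.push_back(0xFF); code.push_back(0xD0);        // call eax

    // Caller cleans up under cdecl. add esp, imm8 covers up to 31 arguments.
    uint32_t cleanup = 4u * static_cast<uint32_t>(args.size());
    if (cleanup > 0) {
        code.push_back(0x83); code.push_back(0xC4);    // add esp, imm8
        code.push_back(static_cast<uint8_t>(cleanup));
    }

    code.push_back(0xC3);                              // ret
    return code;
}

int main() {
    // Constructed sample values: module base, function offset and a remote
    // address where the string argument is assumed to have been written.
    uint32_t fn = absoluteAddress(0x00400000u, 0x1000u);
    std::vector<CallArg> args = {
        { A_INT,  7u },
        { A_BOOL, 1u },
        { A_PTR,  0x00400000u },
    };
    std::vector<uint8_t> stub = buildCdeclCallStub(args, fn);
    return stub.empty() ? 1 : 0;
}
```

The stub ends in a plain `ret`; when it is started as a remote thread the thread start wrapper exits the thread after the stub returns, so it does not have to return a meaningful value. Any string argument must be allocated and written in the target before the stub is built, because its remote address is baked into the `push`.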
This demonstration was made to help with this issue from memoryjs. Because the shellcode is generated from an array of arguments rather than hard-coded, the call can be driven from JavaScript.
Currently strings can be written to the target process, but the size/length of the string cannot yet be defined.
Credits to xetrics.