SamplePayload
Demonstrates various ways to use payloads to communicate information at runtime.
This sample creates two files, payload.exe and payloadtarget.exe.
payload.exe will launch payloadtarget.exe in a suspended state, and then use
DuplicateHandle followed by DetourCopyPayloadToProcessEx to inject a payload in
payloadtarget.exe containing a handle to the running payload.exe.
payload.exe injects a payload in itself (since the payload is in the current process,
the pointer returned by DetourCopyPayloadToProcessEx can
be read like a normal pointer), and resumes the target process.
payloadtarget.exe will find the handle of its parent using DetourFindPayloadEx.
With this handle, it is able to find the payload that payload.exe injected in itself using
DetourFindRemotePayload. It then fills this payload with
random data (using WriteProcessMemory),
and exits with the same random data as exit code.
If everything goes well, payload.exe will then recognize that both the exit code and
random data are identical, and exit with code 0 (code 1 otherwise).
While this example is a bit contrived and not representative of actual real-world use, it demonstrates usage of these APIs and verifies that they are working as intended.
Source is located in the /samples/payload directory.
See also: DetourFindPayloadEx, DetourFindRemotePayload, DetourCopyPayloadToProcessEx.