Hi,
I need to patch this dll, more precisely, I need to patch an exported function in this dll, lets call i function A.

However, in order to patch function A, I need some data that a function B works with. Those functions - A and B - have nothing in common, they dont call each other etc. I only know, that B gets called before A, so what I need is a global variable - a few bytes in this process's adress space, so I could patch function B making it write precious info in this global var,
and then I'd patch function A to retrieve this info and use it.

Now how do I go about finding such a free/unused space in adress space?

Thanks for any help!

Look for caves (alignment blocks and section padding)... Easiest way of finding them imho is opening the file in IDA or another disassembler.
I do believe you'd have to deal with relocations aswell not really sure on how to do that tho, I just remember that adding functionality to
dll's wasn't quite as straight forward as it is in exe's...

Or, maybe, you can fire your browser to research.microsoft.com and search for the TRAMPOLINE framework.

Have Phun

If the global var you are talking about is only read by A and only written by B then you better don't mess up too much in that application.

Why do you not simply patch A in a way that it always do what you want. For me it sound like that is doing somehing with a value from the global var which is filled in B. So you if you already know what you want to fill in the global var it's much more easier to modify only A accordingly to your needs.

Why do you want to patch two funtions. This increases the list of possible problems which could occur, while patching an application.

Regards,
OHPen