See more: C++ Win7
Hi,
 
I'm currently playing with DLL-injection techniques and encountered some strange behaviour. When I try to inject a 64bit DLL into an arbitrary 64bit process (like calc.exe) via NtCreateThreadEx() by a 64bit injector EXE, nothing happens. The return value of NtCreateThreadEx() is 0xc0000005 (Access Violation). GetLastError() returns 0x6, INVALID_HANDLE.
 
If I compile my code (DLL and the injector EXE) to 32bit, everything works fine! What is the reason for this and how do I get the 64bit injection via NtCreateThreadEx() done?
 
If I use CreateRemoteThread() instead of NtCreateThreadEx(), the 64bit injection works fine - but this is no solution because of the session boundaries. I would appreciate it if someone could give me a hint on this topic.
 
With kind regards
Posted 1-Aug-12 16:21pm

Solution 1

You can't load 32 bit DLLs into 64 bit processes and vice versa. If your injection works fine with the 32 bit DLL, then your target process is 32 bit for sure. I have 32 bit Windows on my machine at home so I can't check this right now, but I'm pretty sure that your 64 bit Windows still contains a lot of 32 bit legacy stuff. Maybe your calc.exe is still 32 bit stuff.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
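The bitness question raised in Solution 1 can be settled by reading the COFF Machine field from the PE header of both the DLL and the target executable. The following is an added example, not part of the original posts: the function names are hypothetical, the sample headers are constructed in memory, and only the header layout (e_lfanew at offset 0x3C, the "PE\0\0" signature, the Machine values 0x014c and 0x8664) comes from the PE format itself.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PE_MACHINE_I386  0x014c  /* IMAGE_FILE_MACHINE_I386  (32-bit x86) */
#define PE_MACHINE_AMD64 0x8664  /* IMAGE_FILE_MACHINE_AMD64 (64-bit x64) */
#define SAMPLE_LEN       0x86    /* size of the constructed sample header */

/* Little-endian reads that do not depend on alignment or host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the Machine field of a PE image, or 0 if the header is malformed. */
uint16_t pe_machine(const uint8_t *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return 0;
    uint32_t off = rd32(buf + 0x3c);               /* e_lfanew */
    if (off > len || len - off < 6) return 0;      /* signature + Machine must fit */
    if (memcmp(buf + off, "PE\0\0", 4) != 0) return 0;
    return rd16(buf + off + 4);
}

/* 1 only if both images parse and were built for the same architecture. */
int same_bitness(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen) {
    uint16_t ma = pe_machine(a, alen), mb = pe_machine(b, blen);
    return ma != 0 && ma == mb;
}

/* Builds a constructed, minimal header (not a loadable image) for testing. */
size_t make_sample_header(uint8_t *out, size_t cap, uint16_t machine) {
    if (cap < SAMPLE_LEN) return 0;
    memset(out, 0, SAMPLE_LEN);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3c] = 0x80;                              /* e_lfanew -> 0x80 */
    memcpy(out + 0x80, "PE\0\0", 4);
    out[0x84] = (uint8_t)(machine & 0xff);
    out[0x85] = (uint8_t)(machine >> 8);
    return SAMPLE_LEN;
}

int main(void) {
    uint8_t dll[SAMPLE_LEN], exe[SAMPLE_LEN];
    make_sample_header(dll, sizeof dll, PE_MACHINE_AMD64);
    make_sample_header(exe, sizeof exe, PE_MACHINE_I386);
    printf("dll=0x%04x exe=0x%04x match=%d\n", pe_machine(dll, sizeof dll),
           pe_machine(exe, sizeof exe), same_bitness(dll, sizeof dll, exe, sizeof exe));
    return 0;
}
```

To check real files, read the first few kilobytes of each into a buffer and pass them to `pe_machine()`.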

Last Updated 2 Aug 2012