Click here to Skip to main content
16,017,788 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi,

i'm currently playing with DLL-injection techniques and encountered some strange behaviour. When i try to inject a 64bit DLL into an arbitrary 64bit process (like calc.exe) via NtCreateThreadEx() by a 64bit injector EXE, nothing happens. The return value of NtCreateThreadEx() is 0xc0000005 (Access Violation). GetLastError() returns 0x6, INVALID_HANDLE.

If i compile my code (DLL and the injector EXE) to 32bit, everything works fine! What is the reason for this and how i get the 64bit injection via NtCreateThreadEx() done?

If i use CreateRemoteThread() instead of NtCreateThreadEx(), the 64bit injection works fine - but this is no solution because of the session-boundaries. I would appreciate it if someone could give me a hint on this topic.

With kind regards
Posted

You can't load 32 bit DLLs to 64bit processes and vice versa. If you injection works fine with the 32 bit DLL, then your target process is 32 bit for sure. I have 32bit windows on my mahcine at home so can't check this right now but I'm pretty sure that your 64 bit windows still contains a lot of 32 bit legacy stuff. Maybe your calc exe is still a 32 bit stuff.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900