Hi,
i'm currently playing with DLL-injection techniques and encountered some strange behaviour. When i try to inject a 64bit DLL into an arbitrary 64bit process (like calc.exe) via NtCreateThreadEx() by a 64bit injector EXE, nothing happens. The return value of NtCreateThreadEx() is 0xc0000005 (Access Violation). GetLastError() returns 0x6, INVALID_HANDLE.
If i compile my code (DLL and the injector EXE) to 32bit, everything works fine! What is the reason for this and how i get the 64bit injection via NtCreateThreadEx() done?
If i use CreateRemoteThread() instead of NtCreateThreadEx(), the 64bit injection works fine - but this is no solution because of the session-boundaries. I would appreciate it if someone could give me a hint on this topic.
With kind regards