See more: C++ Windows Win7

I'm currently playing with DLL-injection techniques and encountered some strange behaviour. When I try to inject a 64bit DLL into an arbitrary 64bit process (like calc.exe) via NtCreateThreadEx() by a 64bit injector EXE, nothing happens. The return value of NtCreateThreadEx() is 0xc0000005 (Access Violation). GetLastError() returns 0x6, INVALID_HANDLE.

If I compile my code (DLL and the injector EXE) to 32bit, everything works fine! What is the reason for this and how do I get the 64bit injection via NtCreateThreadEx() done?

If I use CreateRemoteThread() instead of NtCreateThreadEx(), the 64bit injection works fine - but this is no solution because of the session-boundaries. I would appreciate it if someone could give me a hint on this topic.

With kind regards
Posted 1-Aug-12 16:21pm

Solution 1

You can't load 32 bit DLLs to 64bit processes and vice versa. If your injection works fine with the 32 bit DLL, then your target process is 32 bit for sure. I have 32bit Windows on my machine at home so can't check this right now but I'm pretty sure that your 64 bit Windows still contains a lot of 32 bit legacy stuff. Maybe your calc exe is still 32 bit stuff.
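
Added example, not part of the original question or answer: Solution 1 turns on whether the DLL and the target image have the same bitness, which can be read from the PE headers of each file. The parser below compares the COFF `Machine` field with the optional-header magic; `pe_bitness` and `classify_sample` are names made up for this example, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns 32 or 64 for a native x86/x64 PE image, -1 for anything else
   (truncated, bad signature, or Machine and optional-header magic disagree). */
int pe_bitness(const uint8_t *buf, size_t len)
{
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;     /* "MZ" */
    uint32_t off = rd32(buf + 0x3C);                      /* e_lfanew */
    /* need "PE\0\0" (4) + COFF file header (20) + optional-header magic (2) */
    if (off > len || len - off < 26) return -1;
    if (memcmp(buf + off, "PE\0\0", 4) != 0) return -1;
    uint16_t machine = rd16(buf + off + 4);               /* IMAGE_FILE_HEADER.Machine */
    if (rd16(buf + off + 20) < 2) return -1;              /* SizeOfOptionalHeader */
    uint16_t magic = rd16(buf + off + 24);                /* IMAGE_OPTIONAL_HEADER.Magic */
    if (machine == 0x014C && magic == 0x010B) return 32;  /* I386 + PE32 */
    if (machine == 0x8664 && magic == 0x020B) return 64;  /* AMD64 + PE32+ */
    return -1;
}

/* Constructed sample: header bytes only, not a loadable image. `keep` lets the
   caller truncate the buffer to exercise the bounds checks. */
int classify_sample(uint16_t machine, uint16_t magic, size_t keep)
{
    uint8_t img[0x80 + 26] = {0};
    img[0] = 'M'; img[1] = 'Z';
    img[0x3C] = 0x80;                                     /* e_lfanew = 0x80 */
    memcpy(img + 0x80, "PE\0\0", 4);
    img[0x84] = (uint8_t)machine; img[0x85] = (uint8_t)(machine >> 8);
    img[0x94] = 0xF0;                                     /* SizeOfOptionalHeader */
    img[0x98] = (uint8_t)magic;   img[0x99] = (uint8_t)(magic >> 8);
    return pe_bitness(img, keep < sizeof img ? keep : sizeof img);
}

int main(void)
{
    printf("AMD64 + PE32+   : %d\n", classify_sample(0x8664, 0x020B, 200));
    printf("I386  + PE32    : %d\n", classify_sample(0x014C, 0x010B, 200));
    printf("AMD64 + PE32    : %d\n", classify_sample(0x8664, 0x010B, 200));
    printf("truncated header: %d\n", classify_sample(0x8664, 0x020B, 0x90));
    return 0;
}
```
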

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 2 Aug 2012
Copyright © CodeProject, 1999-2017