Fails to inject notepad.exe into calc.exe on x64 #7
Comments
|
i have some problem too. |
not exactly sure what your issue is _specifically_, but if you're using suspendthread/setthreadcontext/resumethread on a process with a gui thread (as-if you're trying to steal a timeslice from a thread that doesn't belong to you and has other resources attached to it). keep in mind that messages can be queued to the thread prior to it executing your actual context. there's a comment at the end of https://zerosum0x0.blogspot.com/2017/07/threadcontinue-reflective-injection.html with a link which describes what I encountered back then while writing similar toys. one way to test is to first verify if it works on both a non-gui and non-console process, and then once that's confirmed see if delivering various types of window messages (mouse will work) influences the stability or leaves any "droppings" below your target's stack pointer. you can try setting the program counter pointing at an empty loop or a breakpoint. (also if you're linking other libraries into the address space, keep in mind that your export directory can contain a forward if its rva points within the directory) |
|
if you have problems with running a manually loaded instance of notepad it may be related to the properties of notepad itself (rather than any issue with the loader) more about it in this thread: #44 |
I haven't tried it on x86 but currently on x64 it is unable to inject
notepad.exeintocalc.exeother combinations works as shownI have the same problem with my implementation and i'm unable to find the reason for it
The text was updated successfully, but these errors were encountered: