CreateProcessEx unable to create 64bit Process From 32bit
CreateProcessEx unable to create 64bit Process From 32bit
Hi
I've tried to use CreateProcessEx to load a 64bit dll into a sample 64bit process on windows 7 x64
The calling process itself is 32 bit. According to your documentations this is possible using v3.x
However CreateProcessEx function returns error code 299 and fails.
From my 64bit process with the same code, the same call to CreateProcessEx is successful.
Please advice...
I've tried to use CreateProcessEx to load a 64bit dll into a sample 64bit process on windows 7 x64
The calling process itself is 32 bit. According to your documentations this is possible using v3.x
However CreateProcessEx function returns error code 299 and fails.
From my 64bit process with the same code, the same call to CreateProcessEx is successful.
Please advice...
Re: CreateProcessEx unable to create 64bit Process From 32bi
I've had that problem in win8 recently, but I thought it would work in win7. Does it happen with every 64bit process, or just with a specific one? Can you please check at which base address the 64bit ntdll is loaded in the target process?
Re: CreateProcessEx unable to create 64bit Process From 32bi
I've tested 64 bit version of notepad.exe and also all Microsoft office 2010 x64 products.
Re: CreateProcessEx unable to create 64bit Process From 32bi
Hmmmm... I've double checked my emails, here's what I replied to someone else reporting a problem with win8:
I'm not sure why you get the same problems in win7 now. Either ntdll.dll or maybe the EXE module is probably loaded above the 32bit address range? In that case there's probably not much I can do. I will have to change my documentation and state that CreateProcessEx may fail on 64bit processes when calling from within a 32bit process. Or maybe I'll find a workaround. But for now you'll have to use a 64bit exe to call CreateProcessEx, it seems...Bad news. It seems that in win8 sometimes the 64bit ntdll.dll is loaded outside of the 32bit 4GB address range. In win7 this doesn't seem to happen. The problem is that if your process is 32bit, there is only limited access possible to 64bit address range. There are APIs available to read from and write to 64bit address range, but there's no API available to change the memory page protection. In order to inject dlls into a 64bit process, I need to patch ntdll.dll, but if it's loaded outside of the 32bit address range, I don't have the APIs I need to patch it.
Practically this means that CreateProcessEx can't technically work, if your process is 32bit and the target process is 64bit, and if the target process has ntdll.dll loaded outside of the 32bit address range. I would love to make this work, but Microsoft simply doesn't offer the APIs to do this. In this situation the only way to call CreateProcessEx successfully will be to compile your exe as a 64bit exe.
I'm sorry, I wish I could give you better news, but I'm bound by the API limitations Microsoft puts on me.
Re: CreateProcessEx unable to create 64bit Process From 32bi
Do you know any program which I can use to check the memory map and address space of a 64bit process?
Re: CreateProcessEx unable to create 64bit Process From 32bi
SysInternals ProcessExplorer.
Re: CreateProcessEx unable to create 64bit Process From 32bi
Ntdll.dll
Load Address: 779D0000
MyDLL.dll
Load Address: 180000000
Load Address: 779D0000
MyDLL.dll
Load Address: 180000000
Re: CreateProcessEx unable to create 64bit Process From 32bi
And the office and notepad exes?
Re: CreateProcessEx unable to create 64bit Process From 32bi
That was the results of office.
For notepad only the ntdll.dll base address changed to 77440000
For notepad only the ntdll.dll base address changed to 77440000
Re: CreateProcessEx unable to create 64bit Process From 32bi
No, I want to know the image base address of the modules "Office.exe" and "Notepad.exe" inside their processes.
Re: CreateProcessEx unable to create 64bit Process From 32bi
Notepad.exe: FFE90000
Word.exe: 13FB70000
Excel.exe: 13F790000
Word.exe: 13FB70000
Excel.exe: 13F790000
Re: CreateProcessEx unable to create 64bit Process From 32bi
Thanks. I think these high addresses (> 2GB) have to do with the problem. I'll put this on my to do list to look into. I think I might be able to find a way to make this work, but it will take a while until I get to this. For now I fear you'll have to use a 64bit process to do CreateProcessEx. I'm sorry for the inconvenience.
Re: CreateProcessEx unable to create 64bit Process From 32bi
Thank you.
Sure, I'll use a 64 bit process as a workaround while you're working on this issue.
Sure, I'll use a 64 bit process as a workaround while you're working on this issue.
Re: CreateProcessEx unable to create 64bit Process From 32bi
Hi Madshi
Were you able to solve this problem? or using a 64bit process as the initiator is the only solution?
Were you able to solve this problem? or using a 64bit process as the initiator is the only solution?
Re: CreateProcessEx unable to create 64bit Process From 32bi
Didn't find a solution yet. You still have to use a 64bit process, I'm sorry...