Hi,
I have a problem injecting 32bit processes (using 32bit DLLs) on WinXP 64bit. Injecting 64bit processes (using 64bit DLLs) works fine.
Both 32bit and 64bit drivers are signed! (Only the 64bit is in use obviously).
I have no problems doing the same on Win7 64bit with the same binaries.
Any ideas?
Injecting 32bit processes on WinXP 64bit
Re: Injecting 32bit processes on WinXP 64bit
Both 32bit and 64bit drivers are signed AND configured with the right DLLs.
Forgot to mention that last part.
Forgot to mention that last part.
Re: Injecting 32bit processes on WinXP 64bit
As a test to make sure it's not an NTFS problem, please try to give full access rights to Everyone to the hook dlls on your XP x64 machine. Does that change anything?
I suppose you're trying to inject the 32bit dlls from within your 64bit exe? Have you tried writing a 32bit exe to inject the 32bit dlls? It should not be necessary, but it might be worth a try to identify the cause of the problem.
I suppose you're trying to inject the 32bit dlls from within your 64bit exe? Have you tried writing a 32bit exe to inject the 32bit dlls? It should not be necessary, but it might be worth a try to identify the cause of the problem.
Re: Injecting 32bit processes on WinXP 64bit
I tried the full access rights. Didn't work.
I wrote another testing 32bit application that only injects 32bit processes with a 32bit DLL. The driver is signed.
Still doesn't work on winXP 64bit. InjectLibraryW returns FALSE and GetLastError right after it returns 0.
I'm currently digging into MCH source trying to find what might cause this outcome. I'm not expecting it to be an error in MCH, but I'd like to know what's wrong since GetLastError didn't help me much.
I wrote another testing 32bit application that only injects 32bit processes with a 32bit DLL. The driver is signed.
Still doesn't work on winXP 64bit. InjectLibraryW returns FALSE and GetLastError right after it returns 0.
I'm currently digging into MCH source trying to find what might cause this outcome. I'm not expecting it to be an error in MCH, but I'd like to know what's wrong since GetLastError didn't help me much.
Re: Injecting 32bit processes on WinXP 64bit
Ok, I got to the point where InjectLibraryW succeeds for both 32bit and 64bit DLLs on Windows XP 64bit, but only 64bit applications are injected.
I'm running out of ideas.
I can send you the source code I'm testing this on if you wouldn't mind taking a look. I have the company source code license btw.
I'm running out of ideas.
I can send you the source code I'm testing this on if you wouldn't mind taking a look. I have the company source code license btw.
Re: Injecting 32bit processes on WinXP 64bit
Just noticed that 32bit injection actually works on WinXP 64bit, but only for processes that were running BEFORE calling InjectLibraryW. Everything that is executed after and is 32bit is not injected.
For example if I run 32bit notepad (from SysWow64) before I run my injector application -> it is injected. Otherwise it's not, so I guess there's a problem with detecting new 32bit processes in MCH...
For example if I run 32bit notepad (from SysWow64) before I run my injector application -> it is injected. Otherwise it's not, so I guess there's a problem with detecting new 32bit processes in MCH...
Re: Injecting 32bit processes on WinXP 64bit
It works on my test VM with my latest sources. I've only tested Windows 2003 x64, though, not XP x64, but they share the same kernel, so the results should be the same.