Hooking 32 bit processes on Windows 64 bits

c++ / delphi package - dll injection and api hooking
Post Reply
televes
Posts: 13
Joined: Mon Jul 27, 2009 4:10 pm

Hooking 32 bit processes on Windows 64 bits

Post by televes »

Hello, I have a little problem, hope somebody can help me.

I want to hook some APIs system-wide in 32 and 64 bits systems. I have created the corresponding injector program which contains the following lines:

Code: Select all

LoadInjectionDriver(L"TWAMHkDriver", L"TWAMHk32.sys", L"TWAMHk64.sys")
result32 = InjectLibrary("TWAMHkDriver", "TWAMHk32.dll", ALL_SESSIONS, true, NULL, HOOK_EXCLUDES, NULL);
result64 = InjectLibrary("TWAMHkDriver", "TWAMHk64.dll", ALL_SESSIONS, true, NULL, HOOK_EXCLUDES, NULL);
I have compiled this program in 32 and 64 bits versions, and I have done the same with the DLL.

If I run the 32 bit program on a Win32 machine then result32 is true and result64 is false, so everything is normal.

If I run the 64 bit program on a Win64 machine then result32 is false and result64 is true, but if I’m right I should be getting true on both calls.

What am I doing wrong?

Thank you very much!
Top
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Hooking 32 bit processes on Windows 64 bits

Post by madshi »

Probably the configuration of the driver is not correct. You need to configure the 64bit driver to accept both the 32bit and 64bit dlls.
Top
televes
Posts: 13
Joined: Mon Jul 27, 2009 4:10 pm

Re: Hooking 32 bit processes on Windows 64 bits

Post by televes »

Thats it! Thanks!
Top
Post Reply

Return to “madCodeHook”