I'm recieving a Error 5, access denied injecting a function from a 32bit process into Explorer on 64bit Windows. The same code works fine on XP32bit, Terminal server 32bit and W2003 Server 32bit.
Is this because the source is 32bit and destination 64bit? Can you see a way around it?
Code used is:
Code: Select all
var
params : pointer; // params in address space of target process
processHandle : dword;
result : DWORD; // result of remoted execution - ShellExecute() result
begin
processHandle := OpenProcess(PROCESS_ALL_ACCESS, true, processID);
....verify handle etc..
if NOT RemoteExecute(processHandle, @Remoted_StartProcess, {out} result, params, Length(targetCmd)+1 ) then
raise Exception.CreateFmt('Remote injection failed. %s (%d)',
[ SysErrorMessage(GetLastError), GetLastError ] );
end;
function Remoted_StartProcess(const commandLine: PCHAR) : DWORD; stdcall;
begin
result := ShellAPI.ShellExecuteA(
Windows.GetDesktopWindow(), // handle to parent window
nil, // pointer to string that specifies operation to perform
commandLine, // pointer to filename or folder name string
nil, // pointer to string that specifies executable-file parameters
nil, // pointer to string that specifies default directory
SW_SHOWNORMAL // whether file is shown when opened
);
end;