Would this Work? THEORY ONLY!

closed account (G309216C)
Hi,

Just to inform you guys, this is not related to code or such, but a simple question on Computer Architectural Bases. Okay, I created an x86 bit injector, but the thing is how to inject into an x64 bit process.

The thing is, even x64 bit programs have the power to use all the x86 bit registers such as eax, ebx, edx, ecx, so why can't an x86 bit process inject into an x64 bit process? After all, the final output would be turned into assembly code before it gets turned into a binary sequence. So why would an x86 process not inject into an x64 bit one?

I just need a valid & realistic answer because this has something to do with a project I am working on currently.

I require 0 code.

Cheers!
Here is something that is important to consider: http://en.wikipedia.org/wiki/Byte_alignment

Usually x86 code works fine on x64 architecture; it's the other way around that breaks. Is your question rhetorical or do you know for a fact that it will not work on x64? What are you injecting and how are you injecting it?
Memory alignment issues if x86 is 32 bit words and x64 is 64 bit words. You would have to compute different offsets.
closed account (G309216C)
Hi,

Thanks for the replies!

@Computergeek01
I am injecting a simple MessageBox which should pop up in the remote process. I am using VirtualAllocEx() to allocate space for the function\parameters and using WriteProcessMemory() to write the code to memory. Then I call the functions with the parameters added using CreateRemoteThread().

Is there any type of mistake, or a better way I can achieve this? JUST CONCEPT, NO CODE

Thanks.
I've played around with thread injection too; DLL injection just seemed too noticeable to the end user and it required you to inject a thread anyway (EDIT: sometimes, I forgot about SetWindowsHookEx for a second). If you found some of the same articles I did then you'll notice they're all pretty old. I want to point out that none of them that I've read take into account ASLR, which was introduced natively starting in Windows Vista. Now the addresses of Kernel32.dll and User32.dll are no longer constant; I believe they are randomized each time the OS is loaded, but I'll have to get back to you if no one beats me to it. You could disable it by changing "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages" but that's cheating. Use GetModuleHandle() and GetProcAddress() to make sure you have the correct address for the function you are calling.

GetModuleHandle: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683199(v=vs.85).aspx

GetProcAddress: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx
closed account (G309216C)
The thing is, I do not want to use SetWindowsHookEx or LoadLibrary, as I am not using DLL injection but inline injection, so how can I inject code into an x64 bit process even though the injector is x86 bit?

Thanks