C++ – Injecting 32bit dll into 64bit process – Autoit makes it possible

autoitccode-injectiondll

afaik there is no way to inject 32bit dlls into 64bit processes and vice versa (at least it's not possible with my c++ written injector / dll). However, when using the Autoit injector from http://pastebin.com/AGWw2kT8 it is possible to inject 32bit dlls into 64bit processes. This Autoit library uses the same way of injecting as my c++ injector (CreateRemoteThread). Can someone explain this behaviour?

Best Answer

I've found the reason why the injection was successful. In the Autoit injection test script I use @SystemDir & "\calc.exe" as path for the target application. However, on a 64bit Windows installation the @SystemDir macro points to C:\Windows\SysWOW64 instead of C:\Windows\System32 - therefore the script started the 32bit version of calc.exe, in which the injection succeeded.

Related Solutions

C++: Injecting 32 bit targets from 64 bit process

I stumbled upon this thread looking for a solution for the same problem.

So far I'm inclined to use another simpler solution. To obtain a 32-bit kernel proc address, the 64-bit process can just execute a 32-bit program that will look up the proc addresses for us:

#include <Windows.h>

int main(int argc, const char**)
{
    if(argc > 1)
        return (int) LoadLibraryA;
    else
        return (int) GetProcAddress;
}

C++ Dll injection — Hello world dll only works when injected into the same .exe that injects it

PCWSTR srcDll = L"test.dll"; //dll in the same directory as the injector.exe

Since you're executing LoadLibraryW() in the target program, not the injector, it doesn't know what "same directory as the injector" is - it just searches for it in standard directories documented on MSDN.

You need to pass the full path instead of the relative one.

Best Answer

Related Solutions

C++: Injecting 32 bit targets from 64 bit process

C++ Dll injection — Hello world dll only works when injected into the same .exe that injects it

Related Topic