Gladiator Posted April 2, 2014 Posted April 2, 2014 HelloI have problem with injection 64 bit dll into 64 bit exe file , in case i don't know what i should to do ?any one can help me with information , sources or some thing that solve my problemThanks 1
mrexodia Posted April 2, 2014 Posted April 2, 2014 Hi,Look at VirtualAllocEx + CreateRemoteThread, just start a new thread at LoadLibraryW and provide a newly allocated page as argument.Its not much different from x32.Greetings,Mr. eXoDia 1
Dreamer Posted April 2, 2014 Posted April 2, 2014 http://www.softpedia.com/get/Programming/File-Editors/Injector.shtml
Gladiator Posted April 2, 2014 Author Posted April 2, 2014 Thanks Dear Mr.eXoDia & Dear Dreamer for replyBut i means Code Injection via Dll Directly to PE File not to ProcessLook Likes Armadillo and many other protectors and packers 1
Gladiator Posted April 3, 2014 Author Posted April 3, 2014 https://github.com/fancycode/MemoryModule Thanks for reply but i mean static dll injection , for example , injecting some asm code to show message box to x64 PE file as new section , change oep to new section and rebuild file to run without any error or etc
kao Posted April 3, 2014 Posted April 3, 2014 That is not called "injection". Theoretically, everything is the same as in 32-bit world. The biggest difference is that you pass arguments to function in registers, not on stack. What did you try and what exactly did not work?
Gladiator Posted April 3, 2014 Author Posted April 3, 2014 i had build 32 bit code injection to PE but in 64 bit in need some references and information
kao Posted April 3, 2014 Posted April 3, 2014 Again - what exactly did you try and what exactly does not work? Attached is simple demo I made in 10 minutes using HIEW as a hex editor and to assemble x64 code.x64_adding_code.zip 1
Gladiator Posted April 3, 2014 Author Posted April 3, 2014 Thanks for Demo , I Have used Code Project PE-Inject in Win32 but i does not works in 64 bit Applicationshttp://www.codeproject.com/Articles/12532/Inject-your-code-to-a-Portable-Executable-file#PEViewerDownloadLink Would you please share demo src code ?
mudlord Posted April 3, 2014 Posted April 3, 2014 (edited) Is this for your payware EXE packer/protector?Looks to me for that article, you need to read up on the differences between x64 PE header and x86.... If it was me, I would just use TitanEngine for such things, plus a decent x64 assembler like AsmJit. Edited April 3, 2014 by mudlord 1
mrexodia Posted April 4, 2014 Posted April 4, 2014 If you wanna execute your DllMain with the executable start: use CFF Explorer (import adder, add a random import). Greetings 1
mudlord Posted April 5, 2014 Posted April 5, 2014 I think he means inserting a DLL like how Armadillo works internally, or ASProtect.
mrexodia Posted April 5, 2014 Posted April 5, 2014 Ah! Then you need to understand the decryption/encryption of the file inside the executable and you also need to patch some crc checks.
mudlord Posted April 7, 2014 Posted April 7, 2014 I think Gladiator is meaning this in a protection sense, so this applies to unprotected apps.Might be for a x64 port of his protector?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now