Gladiator Posted April 2, 2014 Share Posted April 2, 2014 HelloI have problem with injection 64 bit dll into 64 bit exe file , in case i don't know what i should to do ?any one can help me with information , sources or some thing that solve my problemThanks Link to comment
mrexodia Posted April 2, 2014 Share Posted April 2, 2014 Hi,Look at VirtualAllocEx + CreateRemoteThread, just start a new thread at LoadLibraryW and provide a newly allocated page as argument.Its not much different from x32.Greetings,Mr. eXoDia 1 Link to comment
Dreamer Posted April 2, 2014 Share Posted April 2, 2014 http://www.softpedia.com/get/Programming/File-Editors/Injector.shtml Link to comment
Gladiator Posted April 2, 2014 Author Share Posted April 2, 2014 Thanks Dear Mr.eXoDia & Dear Dreamer for replyBut i means Code Injection via Dll Directly to PE File not to ProcessLook Likes Armadillo and many other protectors and packers 1 Link to comment
Aguila Posted April 3, 2014 Share Posted April 3, 2014 https://github.com/fancycode/MemoryModule Link to comment
Gladiator Posted April 3, 2014 Author Share Posted April 3, 2014 https://github.com/fancycode/MemoryModule Thanks for reply but i mean static dll injection , for example , injecting some asm code to show message box to x64 PE file as new section , change oep to new section and rebuild file to run without any error or etc Link to comment
kao Posted April 3, 2014 Share Posted April 3, 2014 That is not called "injection". Theoretically, everything is the same as in 32-bit world. The biggest difference is that you pass arguments to function in registers, not on stack. What did you try and what exactly did not work? Link to comment
Gladiator Posted April 3, 2014 Author Share Posted April 3, 2014 i had build 32 bit code injection to PE but in 64 bit in need some references and information Link to comment
kao Posted April 3, 2014 Share Posted April 3, 2014 Again - what exactly did you try and what exactly does not work? Attached is simple demo I made in 10 minutes using HIEW as a hex editor and to assemble x64 code.x64_adding_code.zip 1 Link to comment
Gladiator Posted April 3, 2014 Author Share Posted April 3, 2014 Thanks for Demo , I Have used Code Project PE-Inject in Win32 but i does not works in 64 bit Applicationshttp://www.codeproject.com/Articles/12532/Inject-your-code-to-a-Portable-Executable-file#PEViewerDownloadLink Would you please share demo src code ? Link to comment
mudlord Posted April 3, 2014 Share Posted April 3, 2014 (edited) Is this for your payware EXE packer/protector?Looks to me for that article, you need to read up on the differences between x64 PE header and x86.... If it was me, I would just use TitanEngine for such things, plus a decent x64 assembler like AsmJit. Edited April 3, 2014 by mudlord 1 Link to comment
mrexodia Posted April 4, 2014 Share Posted April 4, 2014 If you wanna execute your DllMain with the executable start: use CFF Explorer (import adder, add a random import). Greetings 1 Link to comment
mudlord Posted April 5, 2014 Share Posted April 5, 2014 I think he means inserting a DLL like how Armadillo works internally, or ASProtect. Link to comment
mrexodia Posted April 5, 2014 Share Posted April 5, 2014 Ah! Then you need to understand the decryption/encryption of the file inside the executable and you also need to patch some crc checks. Link to comment
mudlord Posted April 7, 2014 Share Posted April 7, 2014 I think Gladiator is meaning this in a protection sense, so this applies to unprotected apps.Might be for a x64 port of his protector? Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now