Comments (2)
I never intended this library to inject into a suspended process, so it's not a bug in my opinion. Additionally, this is caused by the insane lack of documentation of the used API.
The executable name is only used for the debug output and not critical for the injection process but my train of thought was if the injector isn't even able to grab a module name then the injection would most certainly not work anyway. And I still consider this a logical assumption to make but again, logic doesn't work when you deal with Windows.
I did some research on why this fails and it's honestly insane. It's not which dll the function belongs to and obviously there is absolutely no documentation on this. It turns out that PEB::Ldr is a nullptr when the process gets created in a suspended state.
All the modules are already loaded but the pointer to the PEB_LDR_DATA is just 0. Why? No clue. Does it make any sense? No. Is it mentioned anywhere? No.
Anyway, switching to an API that queries kernel data instead of usermode data will do the trick.
Edit: QueryFullProcessImageName will do the trick as it calls NtQueryInformationProcess with the ProcessImageFileNameWin32 flag internally.
from gh-injector-library.
Sorry for reopening this, but I wanted to thank you for the time you have taken to investigate and to confirm that your fix worked. QueryFullProcessImageName works along with the resuming process. Will you apply this fix in the next release?
Although injecting into a suspended process was not in the scope of the library, if I am not wrong, by using NtCreateThreadEx everything was already in your hands (unless there are other bad surprises to expect). I would say that injecting a DLL in a suspended notepad process and resuming it from inside the injected DLL is a great result. This will open up the possibility to deal with detection mechanisms and to hook all the API calls a process can make before it starts. I would say it adds great value to your injector.
> The executable name is only used for the debug output and not critical for the injection process but my train of thought was if the injector isn't even able to grab a module name then the injection would most certainly not work anyway. And I still consider this a logical assumption to make but again, logic doesn't work when you deal with Windows.
Even if it is not critical to the injection process, your logical assumption is enough for me to take care of this, and in order to bring an extra level of safety after this fix I need to ask you two quick questions:
- After the fix I experienced, for the first time, several injection timeouts, and honestly I can't imagine how that function replacement can even have some sort of influence. I will investigate to see what could be the cause. There is a Timeout field in the Injection struct; do you think it can help with this?
- To resume the thread I just call
    ResumeThread(hThread);
  but I saw that other libraries do it this way:
    if((hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, ThreadID)) == NULL)
        THROW(STATUS_INTERNAL_ERROR, L"Unable to open wake up thread.");
    if(!ResumeThread(hThread))
        THROW(STATUS_INTERNAL_ERROR, L"Unable to resume process main thread.");
  What could be the correct way?