DarthTon
commented
5 years ago Could be some missing access rights. You can debug GetModule itself and see failing NTSTATUS. It's probably somewhere inside low-level module enumeration functions.
Open SadGopher opened 5 years ago
DarthTon
commented
5 years ago Could be some missing access rights. You can debug GetModule itself and see failing NTSTATUS. It's probably somewhere inside low-level module enumeration functions.
SadGopher
commented
5 years ago I've tried to investigate
Looks like only .exe file is recognized as x64 module
blackbone trying to find kernel32.dll mt_mod64, but only mt_mod32 exists. I think I can dirty patch it, but not sure, it may create other problems :)
Could you explain why this situation is possible?
DarthTon
commented
5 years ago Do you run blackbone in an x86 app? Also try debugging Native::EnumModules, I'm curious why it erroneously detects module arch.
SadGopher
commented
5 years ago I'm trying to manual map (x64) dll into (x86) process via (x64) loader. Is it possible or its a problem?
DarthTon
commented
5 years ago I don't think it's currently possible. I haven't touched related code for a while.
SadGopher
commented
5 years ago Ok, thanks for response, I'll try to change target arch of my programs to x86 and post a result here
Hi, I'm using windows 10 x64, Unable to manual map x64 dll into Discord.exe https://discordapp.com/
Problem is weird. it fails here
Stack trace:
at this line
auto pLoadLibrary = GetExport( GetModule( L"kernel32.dll", LdrList, img.mType() ), "LoadLibraryW" );It fails to get module kernel32.dll Could you please give me a tip whats wrong and how to resolve the issue?
Here is my injection code:
auto processes = blackbone::Process::EnumByName(L"Discord.exe");healthy_process.Attach(processes.front);healthy_process.EnsureInit(); // <- could be removed, just read somewhere near it may helpimage_ = healthy_process.mmap().MapImage(service_bytes_.size(), service_bytes_.data(), false);I've tested injection on other processes and it worked as expected. Thanks!