HotKeyIt / ahkdll-v1-release

AutoHotkey_H v1 release
http://hotkeyit.github.io/v2/
GNU General Public License v2.0

InjectAhkDll is not working on Windows 10, 64 bit #2

Closed Ciantic closed 8 years ago

Ciantic commented 8 years ago
  1. Download https://github.com/HotKeyIt/ahkdll-v1-release/archive/master.zip
  2. Extract Lib to Desktop\Test\Lib\
  3. Extract x64w\* to Desktop\Test\
  4. Create file Desktop\Test\Start.ahk with contents:
#Include <InjectAhkDll>

Process,Exist, notepad.exe
PID := ErrorLevel
If !PID:=ErrorLevel
  Run notepad.exe,,,PID
rThread:=InjectAhkDll(PID)
rThread.Exec("MsgBox % A_WorkingDir")

I start the program by dragging and dropping Start.ahk onto Desktop\Test\AutoHotkey.exe.

Notepad.exe starts and then crashes, and I get a message box with: Could not start ahkdll in remote process

I'm testing this inside Windows 10 64-bit build 10565, running on a Hyper-V virtual machine.

Edit: Same result with AutoHotkeyMini.dll: rThread:=InjectAhkDll(PID, "AutoHotkeyMini.dll"); it crashes.

Ciantic commented 8 years ago

If I extract win32w\* and use it, it works, but it starts the 32-bit notepad.exe; I want to modify the 64-bit notepad.exe.

Are the 64-bit parts broken?

Ciantic commented 8 years ago

Looks like I get 5 "ERROR_ACCESS_DENIED" if I throw MsgBox % DllCall("GetLastError") right after CreateRemoteThread.

Ciantic commented 8 years ago

Problems start if I include InjectAhkDll:

#Include <InjectAhkDll>

DllCall("LoadLibrary","Str","kernel32.dll")
MsgBox % DllCall("GetLastError")

126: ERROR_MOD_NOT_FOUND

This is when using the x64w\* stuff from the release.

Maybe InjectAhkDll (or x64w\AutoHotkey.exe) is broken somehow? It works if I comment out the InjectAhkDll include:

; #Include <InjectAhkDll>

DllCall("LoadLibrary","Str","kernel32.dll")
MsgBox % DllCall("GetLastError")

Zero error with this.

Ciantic commented 8 years ago

I've debugged this to GetProcAddress so far:

hKernel32 := DllCall("LoadLibraryW","Str","kernel32.dll")
MsgBox % DllCall("GetLastError") ; 0: No error

DllCall("GetProcAddress", Ptr, hKernel32, AStr, "LoadLibraryA", Ptr)
MsgBox % DllCall("GetLastError") ; 126: ERROR_MOD_NOT_FOUND

DllCall("GetProcAddress", Ptr, hKernel32, AStr, "LoadLibraryW", Ptr)
MsgBox % DllCall("GetLastError") ; 126: ERROR_MOD_NOT_FOUND

DllCall("GetProcAddress", Ptr, hKernel32, AStr, "LoadLibrary", Ptr)
MsgBox % DllCall("GetLastError") ; 126: ERROR_MOD_NOT_FOUND

And this problem happens with AutoHotkey (64-bit) from Lexikos and with your 64-bit build too.

And the problem happens with my stable Windows 10 build 10240, and (in a Hyper-V virtual machine) with insider build 10565.

Ciantic commented 8 years ago

I created a small C++ program:

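#include "stdafx.h"   // Visual Studio precompiled header
#include <windows.h>  // LoadLibrary, GetProcAddress
#include <iostream>   // std::wcout, std::cin

int main()
{
    // Resolve LoadLibraryW from kernel32.dll inside this process.
    HMODULE k32 = LoadLibrary(L"kernel32.dll");
    FARPROC addrLoadLibrary = GetProcAddress(k32, "LoadLibraryW");
    // Cast to void* so the stream prints the address on any compiler.
    std::wcout << "LoadLibrary address: " << reinterpret_cast<void*>(addrLoadLibrary);
    std::cin.get();
    return 0;
}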

It works as expected:

LoadLibrary address: 00007FF838DFED90

But I would hate to rewrite InjectAhkDll.ahk in C++ (which I tried to avoid in the first place so I could easily modify the AHK script when needed).

HotKeyIt commented 8 years ago

I have fixed some bugs; it should work now ;)

Ciantic commented 8 years ago

Anyhow, I already made a C++ program that does the injection (and uninjection) for me: https://github.com/Ciantic/RemoteThreader