srounet / Pymem

A python library for windows, providing the needed functions to start working on your own with memory editing.
MIT License
303 stars 45 forks

kernel32.CreateRemoteThread() may return None #86

Open HMaker opened 2 years ago

HMaker commented 2 years ago

When the process exits while CreateRemoteThread is called, the return type is None, but pymem is not checking that below: https://github.com/srounet/Pymem/blob/0ca7f667190eed6189ea141cf59de2c2225cf242/pymem/__init__.py#L168-L183

GetLastError() returned code 5 and I got a logging error `TypeError: %x format: an integer is required, not NoneType` at line 183.

OpsecGuy commented 2 years ago

I see an issue in your code at line 182. thread_h returns 2 values: the 1st one is a PyHANDLE and the second one is the thread id, so passing the whole list into WaitForSingleObject is wrong, as you should pass the PyHANDLE only.

Print out your thread and check what values it stores. In my case:

```python
import win32process  # pywin32

# game.process_handle, address and buffer are the commenter's own variables
new_thread = win32process.CreateRemoteThread(game.process_handle, None, 0, address, buffer, 0)
print(new_thread)
```

Output, a `(PyHANDLE, thread id)` tuple (the handle's repr did not survive on this page):

```
(, 6572)
```

srounet commented 2 years ago

Nice find, thank you for pointing this out. @StarrFox, do you confirm?

StarrFox commented 2 years ago

Seems correct to me. I also think it would be nice to add the error message text from GetLastErrorAsString so it's easier to tell what the error code means.
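The three points raised in this thread (check the CreateRemoteThread result before formatting it with `%x`, wait on the handle rather than on the `(handle, thread id)` tuple, and attach the Win32 error text to the code) combined into one wrapper. This is an added example, not Pymem's own code. It assumes pywin32 semantics on Windows (`win32process.CreateRemoteThread` returning a `(PyHANDLE, thread_id)` tuple, `win32event.WaitForSingleObject`, `win32api.GetLastError`, `win32api.FormatMessage`, `win32api.CloseHandle`); the Win32 calls are routed through an `api` object so the failure paths can be exercised offline with the constructed `FakeApi`. The `not result` test also covers a ctypes wrapper that returns a NULL (0) handle instead of None.

```python
"""Hardened CreateRemoteThread wrapper (added example, not Pymem's code).

Assumes pywin32: CreateRemoteThread -> (PyHANDLE, thread_id) on success, and
WaitForSingleObject takes the handle, not the tuple.  Win32 calls go through an
`api` object so the error paths can be shown offline with FakeApi.
"""
import logging

log = logging.getLogger(__name__)

INFINITE = 0xFFFFFFFF
WAIT_OBJECT_0 = 0x00000000
WAIT_TIMEOUT = 0x00000102
ERROR_ACCESS_DENIED = 5


class RemoteThreadError(RuntimeError):
    """Thread could not be created, or did not finish cleanly."""


class Pywin32Api:
    """Real backend (Windows + pywin32 only); imported lazily so this module loads anywhere."""

    def __init__(self):
        import win32api, win32event, win32process  # assumed pywin32 modules
        self._api, self._event, self._process = win32api, win32event, win32process

    def create_remote_thread(self, process_handle, start_address, parameter):
        return self._process.CreateRemoteThread(process_handle, None, 0, start_address, parameter, 0)

    def wait_for_single_object(self, handle, timeout_ms):
        return self._event.WaitForSingleObject(handle, timeout_ms)

    def get_last_error(self):
        return self._api.GetLastError()

    def format_message(self, code):
        return self._api.FormatMessage(code).strip()

    def close_handle(self, handle):
        self._api.CloseHandle(handle)


class FakeApi:
    """Constructed stand-in (not a real API) so the failure modes can be shown offline."""

    def __init__(self, create_result, last_error=0, wait_status=WAIT_OBJECT_0):
        self.create_result, self.last_error, self.wait_status = create_result, last_error, wait_status
        self.waited_on, self.closed = None, []

    def create_remote_thread(self, process_handle, start_address, parameter):
        return self.create_result

    def wait_for_single_object(self, handle, timeout_ms):
        self.waited_on = handle
        return self.wait_status

    def get_last_error(self):
        return self.last_error

    def format_message(self, code):
        # Constructed message table mirroring the Win32 text for the code used here.
        return {ERROR_ACCESS_DENIED: "Access is denied."}.get(code, f"Unknown error {code}")

    def close_handle(self, handle):
        self.closed.append(handle)


def _win32_failure(api, what):
    # Read the code before anything else can clobber it; only then format it (never %x on None).
    code = api.get_last_error()
    return RemoteThreadError(f"{what} failed: error {code} ({code:#x}): {api.format_message(code)}")


def run_remote_thread(api, process_handle, start_address, parameter, timeout_ms=INFINITE):
    """Start a thread in the target process, wait for it, and return its thread id."""
    result = api.create_remote_thread(process_handle, start_address, parameter)
    if not result:  # None (the issue's case) or a NULL handle from a ctypes wrapper
        raise _win32_failure(api, "CreateRemoteThread")
    thread_handle, thread_id = result  # wait on the handle, never on the whole tuple
    try:
        status = api.wait_for_single_object(thread_handle, timeout_ms)
        if status == WAIT_TIMEOUT:
            raise RemoteThreadError(f"remote thread {thread_id} did not finish within {timeout_ms} ms")
        if status != WAIT_OBJECT_0:  # WAIT_FAILED, WAIT_ABANDONED, ...
            raise _win32_failure(api, "WaitForSingleObject")
    finally:
        api.close_handle(thread_handle)  # do not leak the thread handle, even on error
    log.debug("remote thread %d finished", thread_id)
    return thread_id


def demo():
    """Run success, access-denied and timeout scenarios against FakeApi; return what a caller sees."""
    out = {}
    ok = FakeApi(("HANDLE-1", 6572))  # constructed success: (handle, thread id)
    out["thread_id"] = run_remote_thread(ok, "proc", 0x1000, 0x2000)
    out["waited_on"], out["closed"] = ok.waited_on, ok.closed
    denied = FakeApi(None, last_error=ERROR_ACCESS_DENIED)  # constructed: target gone, error 5
    try:
        run_remote_thread(denied, "proc", 0x1000, 0x2000)
    except RemoteThreadError as exc:
        out["access_denied"] = str(exc)
    slow = FakeApi(("HANDLE-2", 7), wait_status=WAIT_TIMEOUT)  # constructed: thread never signals
    try:
        run_remote_thread(slow, "proc", 0x1000, 0x2000, timeout_ms=500)
    except RemoteThreadError as exc:
        out["timeout"] = str(exc)
    out["timeout_closed"] = slow.closed
    return out
```

On a real Windows host, `run_remote_thread(Pywin32Api(), process_handle, address, buffer)` replaces the bare `CreateRemoteThread` + `WaitForSingleObject` pair; the `finally` block guarantees the thread handle is closed on every path, and the error message carries both the numeric code and the FormatMessage text, which is the readability improvement asked for at the end of the thread.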