i've got this dll that creates a thread when loaded by LoadLibraryA, the dll is injected into another process using RtlCreateUserThread, the injection succeeds, the dll is loaded into the target process (kernel32 LoadLibraryA thread is there) but when it comes to the CreateThread i got ERROR_NOT_ENOUGH_MEMORY, so where is the problem RtlCreateUserThread or the target process or the DLL itself? and how may i solve it? thanks alot!!
0
votes
I doubt very seriously that it's in RTLCreateUserThread or CreateThread, so it has to be in your DLL. However, we can't see your code from here, so it's really hard to tell you what might be wrong or how to fix it. You'll need to use the debugger, or post your code so we can help find the problem.
– Ken White
welcome to stackoverflow. Your question as stated is not answerable, sorry. Please read: meta.stackexchange.com/questions/18584/… on tips how to improve it.
– Johan
2 Answers
0
votes
0
votes
The problem is in your target. You loaded Kernel32, great, but you didn't tell the target process where the address of the function is. I assume you injected a code segment from your host process, therefore did not resolve the import table for your injection to the target process, as you would with DLL injection.
You can call CreateThread from the injected function, however you need to load it's address first!
typedef DATATYPE_OF_CREATETHREAD (__stdcall *MyCreateThread)(PARAMS_OF_CREATETHREAD);
MyCreateThread _MyCreateThread;
_MyCreateThread = (MyCreateThread)GetProcAddress("kernel32.dll", "CreateThread");
_MyCreateThread(PARAMS_TO_PASS); // CreateThread, with it's address loaded in memory of your injected code segment/function
Like that ^, you will be able to call CreateThread from your injected function.
P.S. I don't memorize the params createthread has, but this was written on the spot.
You're welcome :)
