waliedassar

Injecting 64Bit Dll Into 32Bit Process

Jan 25th, 2013
//http://waleedassr.blogspot.com/
//http://www.twitter.com/waleedassar

Disassembling the "Wow64!ProcessInit" function, you can see that it is possible to inject a 64-bit DLL into a 32-bit process (Wow64 process).

All you have to do is drop a DLL named Wow64Log.dll into the "System32" directory. The library must export the following symbols/functions:
1) Wow64LogInitialize, called immediately by the "ProcessInit" function.
2) Wow64LogSystemService, called by the "Wow64SystemServiceEx" function, i.e. upon every system call, e.g. ZwQueryInformationProcess.
3) Wow64LogMessageArgList, called by the "Wow64LogPrint" function upon issuing various system calls.
4) Wow64LogTerminate, called by the "whNtTerminateProcess" function upon process termination.

Best Regards
Waliedassar
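
A defender-side check for the file described above, added here as an example and not part of the original paste: it parses a PE image's export table and reports whether the image is 64-bit and exports all four names listed. The function names and the command-line usage are assumptions of this example.

```python
import struct
import sys

# The four export names listed in the paste.
WOW64LOG_EXPORTS = {"Wow64LogInitialize", "Wow64LogSystemService",
                    "Wow64LogMessageArgList", "Wow64LogTerminate"}

def pe_exports(data):
    """Return (is_64bit, exported names) for a PE image given as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    is_64bit = struct.unpack_from("<H", data, opt)[0] == 0x20B   # PE32+ magic
    # The export directory is data directory 0; its offset differs by format.
    exp_rva, _ = struct.unpack_from("<II", data, opt + (112 if is_64bit else 96))
    # Per section: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]

    def off(rva):  # RVA -> file offset via the section table
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA outside all sections")

    names = set()
    if exp_rva:
        e = off(exp_rva)
        count, = struct.unpack_from("<I", data, e + 24)       # NumberOfNames
        names_rva, = struct.unpack_from("<I", data, e + 32)   # AddressOfNames
        for i in range(count):
            ptr, = struct.unpack_from("<I", data, off(names_rva + 4 * i))
            start = off(ptr)
            names.add(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
    return is_64bit, names

def matches_paste(data):
    """True if the image is 64-bit and exports all four names from the paste."""
    is_64bit, names = pe_exports(data)
    return is_64bit and WOW64LOG_EXPORTS <= names

if __name__ == "__main__":
    # Assumption: the path of the file to inspect is passed as the first argument.
    with open(sys.argv[1], "rb") as f:
        print(sys.argv[1], "matches:", matches_paste(f.read()))
```
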