[VB.NET] Help Injector vb.net

[lionwar12]

Hello

i made dll injector vb.net
But it works only on 32 bit
doesn't work on 64 bit
so can anyone help me ?

sorry for my bad language

[warfley]

Windows simply doesn't support mixing 32 and 64 bit code, and if you are using a 32 bit DLL you can only use it within 32 bit processes (same for 64 bit)

[lionwar12]

This Dll Works on 32 and 64 bro but my injector works only on 32

[warfley]

Sure the DLL works on 32 and 64 bit Windows, as modern x64 CPU's and operating systems have 32 bit compatibility. But you can not use a 32 bit DLL within an 64 bit process and vice versa.

Are both, your target process and your DLL built for the same architecture? Otherwise there seems to be a bug in your code. Without posting further information, no one can help you

[lionwar12]

My codes works only on 32bit so i need codes to make new one for 64bit

[warfley]

Creating a DLL injector is quite easy, so I can only think about a few reasons this might fail:
1. As already said your DLL and Process have incompatible architectures
2. GetProcAddress(LoadLibrary("kernel32"), "LoadLibraryA"); called from a 32 bit process will return the address of the 32 bit variant of LoadLibraryA function, in which case it will fail when injected into a 64 bit process.

What you could do is, to target the second problem:
1. Check the target of your process you like to inject (i.e. if its x64 or x86_64)
2. Call LoadLibrary("C:\Windows\System32\kernel32.dll") on 64 bit and LoadLibrary("C:\Windows\SysWoW64\kernel32.dll") for 32 bit (don't get confused with the names, System32 is the 64 bit directory, while SysWoW64 is the 32 bit directory. Microsoft is just really bad at numbers)
3. call GetProcAddress for the handle you optained in 2

[Jeoni]

Quote:

Originally Posted by warfley

[...]
What you could do is, to target the second problem:
1. Check the target of your process you like to inject (i.e. if its x64 or x86_64)
2. Call LoadLibrary("C:\Windows\System32\kernel32.dll") on 64 bit and LoadLibrary("C:\Windows\SysWoW64\kernel32.dll") for 32 bit (don't get confused with the names, System32 is the 64 bit directory, while SysWoW64 is the 32 bit directory. Microsoft is just really bad at numbers)
3. call GetProcAddress for the handle you optained in 2

You cannot simply load the correct version of kernel32 depending on the target. If your injector is a 32 bit application, you cannot simply load the 64 bit kernel32.dll and vice versa. You might deploy two injectors and choose one depending on the architecture of the target. The harder approach to really get everything into one application is to write a 32 bit application which breaks the WOW64 emulation layer to also execute 64 bit code, load kernel32 in the 64 bit environment and inject your 64 bit dll in the 64 bit target using that. Deploying two different applications is easier though.

With best regards
Jeoni

[warfley]

Quote:

Originally Posted by Jeoni

You cannot simply load the correct version of kernel32 depending on the target. If your injector is a 32 bit application, you cannot simply load the 64 bit kernel32.dll and vice versa. You might deploy two injectors and choose one depending on the architecture of the target. The harder approach to really get everything into one application is to write a 32 bit application which breaks the WOW64 emulation layer to also execute 64 bit code, load kernel32 in the 64 bit environment and inject your 64 bit dll in the 64 bit target using that. Deploying two different applications is easier though.

With best regards
Jeoni

Ah, i forgott that to optain the address the library has to be loaded into the current process -.-. But he could simply parse the kernel32.dll for the address (similar like objdump or [insert windows alternative here] work), fetch the base address from kernel32.dll and call this one.

Alternatively, he could only write a small program like

Code:

#include<stdio.h>
#include<libloaderapi.h> // windows.h?
int main() 
{ printf("%p", &LoadLibraryA); 
  return 0; }

And compile it for x64 and x86_64 so he only needs to call this program to get the address, while the main functionality could still be in an x86_64 vb program

[Mafia67]