Cant load kernel32 windows 10 home

[jazzybecker]

Since i update to this version, it cant load kernel32.dll that with previous version is work.

[fancycode]

What exactly is the previous and what is this version?

[jazzybecker]

the version 0.0.3 is work very good sir. why in this version cant load kernel32.dll from memory ?

[undergroundwires]

Windows 10 trying to load Kernel32.dll gives me ERROR_BAD_EXE_FORMAT at 512th line in MemoryModule.h :

    GetNativeSystemInfo(&sysInfo);
    alignedImageSize = AlignValueUp(old_header->OptionalHeader.SizeOfImage, sysInfo.dwPageSize);
    if (alignedImageSize != AlignValueUp(lastSectionEnd, sysInfo.dwPageSize)) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

"%1 is not a valid Win32 application."

Shell32.dll loads and run fine.

MemoryModule loads the kernel32.dll without any problem if I just comment out that if check.

[lynnux]

Yes, I have the same problem when load "ntdll.dll" on win7 x64. It seems the alignment checking are failed, due to old_header->OptionalHeader.SectionAlignment is 0x1000 for normal dlls, but for ntdll is 0x10000, and the kernel32 is also 0x10000!

the previous version don't have AlignValueUp stuff, so should be work.

[Elmue]

Why do you want to load ntdll.dll or kernel32.dll into any running process? These are the first DLLs which Windows loads into ANY process as the first DLLs when the process is started. Use GetModuleHandle("ntdll.dll") or GetModuleHandle("kernel32.dll") instead!

[akasandra]

Very interesting what is the purpose to load kernel32 or ntdll with MemoryModule?

[jazzybecker]

Hello, sorry for late reply. Back then, i used to "cheat" on game that using nProtect. Yes it can direct syscall, but im too lazy writing shellcode for different Windows. xD