process_overwriting

process_overwriting copied to clipboard

I compiled this code into a 64-bit dll, and then injected a 64-bit program into c:\windows\system32\mrt.exe, the dll executed without problems, but the injected program failed to run

Is there anything that needs to be improved when compiling this code into a 64 bit dll?

Hi @hsxfddos ! Not sure if I understood you correctly. So, you compiled the process_overwriting project as a DLL, and then you used this DLL as an injector that injected (some other) 64-bit program into c:\windows\system32\mrt.exe? What was exactly the goal that you wanted to achieve by compiling process_overwriting as a DLL?

I just made a quick test trying to inject Sysinternals' LoadOrd64.exe into c:\windows\system32\mrt.exe and I didn't have any problems injecting into this process (tested on Windows 10):

Sometimes the injection may not work, if the payload is bigger than the target:

Not sure what exactly went wrong in your case. It would be best if you could send me all the used components to my email: hasherezade-at-protonmail.com so that I can reproduce it.