rewolf-wow64ext icon indicating copy to clipboard operation
rewolf-wow64ext copied to clipboard

Published 20 hours ago verified publisher icon rwfpl

Add support for LoadLibrary.

Open yardenshafir opened this issue 6 years ago • 3 comments

yardenshafir avatar Dec 25 '17 10:12 yardenshafir

.thank u .i need this

DragonQuestHero avatar Apr 05 '18 18:04 DragonQuestHero

Hi, I have no success loading another 64bit DLL into my 32bit process running on 64bit operating system with functionality provided in this patch. According this article [1] I believe it is not possible. It lists few DLLs and it says: "These DLLs, along with the 64-bit version of Ntdll.dll, are the only 64-bit binaries that can be loaded into a 32-bit process.".

When I build a small 64bit DLL (which depends only on kernel32.dll, with static CRT) and try to load it using functionality in this patch, the load fails. I enabled loader snaps using gflags and it says [2] that the load could not happen, because kernel32.dll could not be loaded with error 0xc0000018 (STATUS_CONFLICTING_ADDRESSES, The specified address range conflicts with the address space.).

So I want to ask:

  1. Is it really possible to load 64bit DLL into 32bit process running on 64bit operating system?

  2. If so, what am I doing wrong? Why loading kernel32.dll fails?

  3. Can I build a DLL without dependency on kernel32.dll? If so, will the load suceed?

Thank you, Marek.

[1] https://docs.microsoft.com/en-us/windows/desktop/WinProg64/wow64-implementation-details

[2] 0ba8:3d60 @ 700753355 - LdrLoadDll - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll DLL path: NULL 0ba8:3d60 @ 700753355 - LdrpLoadDll - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll DLL path: C:\Windows\SYSTEM32 0ba8:3d60 @ 700753355 - LdrpLoadDll - INFO: Loading DLL c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll from path C:\Windows\SYSTEM32 0ba8:3d60 @ 700753355 - LdrpFindOrMapDll - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll DLL path: C:\Windows\SYSTEM32 0ba8:3d60 @ 700753355 - LdrpSearchPath - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll DLL path: C:\Windows\SYSTEM32 0ba8:3d60 @ 700753355 - LdrpResolveFileName - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll 0ba8:3d60 @ 700753355 - LdrpResolveFileName - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpResolveDllName - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll 0ba8:3d60 @ 700753371 - LdrpResolveDllName - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpSearchPath - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpMapViewOfSection - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll ModLoad: 0000000000080000 000000000009a000 c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll 0ba8:3d60 @ 700753371 - LdrpMapViewOfSection - RETURN: Status: 0x40000003 0ba8:3d60 @ 700753371 - LdrpRelocateImage - ENTER: DLL name: c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll 0ba8:3d60 @ 700753371 - LdrpProtectAndRelocateImage - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpRelocateImage - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpFindOrMapDll - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpHandleOneOldFormatImportDescriptor - INFO: DLL "c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll" imports "KERNEL32.dll" 0ba8:3d60 @ 700753371 - LdrpLoadImportModule - ENTER: DLL name: KERNEL32.dll DLL path: C:\Windows\SYSTEM32 0ba8:3d60 @ 700753371 - LdrpFindOrMapDll - ENTER: DLL name: KERNEL32.dll DLL path: C:\Windows\SYSTEM32 0ba8:3d60 @ 700753371 - LdrpFindKnownDll - ENTER: DLL name: KERNEL32.dll 0ba8:3d60 @ 700753371 - LdrpFindKnownDll - RETURN: Status: 0x00000000 0ba8:3d60 @ 700753371 - LdrpMapViewOfSection - ENTER: DLL name: C:\Windows\system32\KERNEL32.dll ModLoad: 0000000000550000 000000000066f000 C:\Windows\system32\KERNEL32.dll 0ba8:3d60 @ 700753371 - LdrpMapViewOfSection - RETURN: Status: 0x40000003 0ba8:3d60 @ 700753371 - LdrpRelocateImage - ENTER: DLL name: C:\Windows\system32\KERNEL32.dll 0ba8:3d60 @ 700753371 - LdrpRelocateImage - RETURN: Status: 0xc0000018 0ba8:3d60 @ 700753371 - LdrpFindOrMapDll - RETURN: Status: 0xc0000018 0ba8:3d60 @ 700753371 - LdrpLoadImportModule - ERROR: Loading DLL KERNEL32.dll from path C:\Windows\SYSTEM32 failed with status 0xc0000018 0ba8:3d60 @ 700753371 - LdrpLoadImportModule - RETURN: Status: 0xc0000018 0ba8:3d60 @ 700753371 - LdrpHandleOneOldFormatImportDescriptor - ERROR: Loading "??????" from the import table of DLL "c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll" failed with status 0xc0000018 0ba8:3d60 @ 700753371 - LdrpUnloadDll - INFO: Unmapping DLL "c:\dev\git\github\rwfpl\rewolf-wow64ext\src\x64\Release\Win32Project1.dll" 0ba8:3d60 @ 700753371 - LdrpLoadDll - RETURN: Status: 0xc0000018 0ba8:3d60 @ 700753371 - LdrLoadDll - RETURN: Status: 0xc0000018

MarekKnapek avatar Aug 29 '18 20:08 MarekKnapek

I heard that it's possible to load DLLs that only depend on NTDLL.dll, and have no dependency on Kernel32.dll. I'm about to test it out right now.

edit: Nope, doesn't work.

Dwedit avatar Jan 11 '19 22:01 Dwedit

closing as obsolete

rwfpl avatar Nov 18 '23 08:11 rwfpl