Hi,
I am encountering some issues with injecting remote code into explorer.exe, I have tried many variations but GetthreadContext fails at error 87.
The reason for this is that executing 32bit into 64bit is generally insta-fail. I know i could jump to 64bit with a far call, finding natice dll then executing NtGetThreadContext and passing result back before completing the hollowing.
Is there any other examples solutions of processing hollowing implementation on a 64bit process from 32bit launcher.
Thanks
I am encountering some issues with injecting remote code into explorer.exe, I have tried many variations but GetthreadContext fails at error 87.
The reason for this is that executing 32bit into 64bit is generally insta-fail. I know i could jump to 64bit with a far call, finding natice dll then executing NtGetThreadContext and passing result back before completing the hollowing.
Is there any other examples solutions of processing hollowing implementation on a 64bit process from 32bit launcher.
Thanks
Attachments
(5.96 KiB) Downloaded 40 times
