C++ : Dll injection. Why CreateRemoteThread() fail on Notepad?

2k views Asked by At

I'm pretty new to DLL injection, doing this by curiosty and because I want to create an overlay in a game, without modifying his source code.

But for now, I'm stuck with a basic DLL injection : the one using CreateRemoteThread().

I followed this tutorial (in french, be carefull): http://xevia.webege.com/old/atoray/2010/06180.php

What I have done :

  • Injection works fine on a basic program Target.exe (see Xevia's link)
  • I can see DLL loaded by a process with EnumProcessModules()
  • After the injection in Target.exe, I can see that my "Hook.dll" has been added.
  • [edit] Checked the exe version : both notepad and my injector are 32-bits

But when I inject the dll in other processes, it doesn't seems to work, even if CreateRemoteThread() does not return NULL.

So I've checked many posts, including this one: How do I prevent DLL injection

And this one : C++ - CreateRemoteThread DLL Injection [Windows 7] (tried the absolute path, without success)

And many others, without being able to really point what was wrong. So I invoke SO-gods.

1) Could it be an access-rights issue ?

2) Could it be my method of injection, too classical ? Which one should I try ?

3) [Topic question] Why my dll isn't injected in Notepad with CreateRemoteThread?

Thanks for your time.

[open to any grammar/formulation edit]

1

There are 1 answers

0
Greg On BEST ANSWER

It works!

What I needed to change :

  • Build in x86 in order to match with target app
  • Use an absolute path

I did both but forgot to change my absolute path when switching between x86/x64...

Thanks to Adrian Roman, who put me in the right way.

enter image description here