Comments (7)
WNODE_HEADER::Guid ?
from injdrv.
Second question.
Using ETW to get cross-process events works fine on Windows 10, but in NT6.1, 6.2, and 6.3, no events will be obtained before the restart.
To be specific,
First, I put the DLL file in System32, then installed the driver service and started it, and it worked fine.
Then I started the service process that gets events, like the INJldr project, but it didn't get any events until I restarted the system.
I didn't find the reason.
from injdrv.
Third question,
There are some issues with the drivers that can cause the blue screen to occur (depending on luck).
In the operation of the InjInfoListHead linked list, you should perform necessary exclusive operations, otherwise the blue screen is inevitable when the process moves frequently.
I fixed it and it works fine so far.
from injdrv.
Well, I want to load a DLL in a process that has no Kernel32.dll dependency, usually emulator processes such as Smartgaga or Gameloop. The purpose is to enable access to memory directly from the DLL without relying on Kernel to access it for me. If you have fixed the BSOD issue for the latest Windows 10 (21H2) how can I get the corrected and fixed solution from you? Which branch or origin should I get where the BSOD has been addressed?
from injdrv.
> Well, I want to load a DLL in a process that has no Kernel32.dll dependency, usually emulator processes such as Smartgaga or Gameloop. The purpose is to enable access to memory directly from the DLL without relying on Kernel to access it for me. If you have fixed the BSOD issue for the latest Windows 10 (21H2) how can I get the corrected and fixed solution from you? Which branch or origin should I get where the BSOD has been addressed?
```c
NTSTATUS NTAPI InjCreateInjectionInfo (
    IN PINJ_INJECTION_INFO* InjectionInfo,
    IN HANDLE ProcessId
    )
{
    PINJ_INJECTION_INFO CapturedInjectionInfo;
    KIRQL OldIrql;

    // Reuse the caller-supplied structure if there is one, otherwise allocate.
    if (InjectionInfo && *InjectionInfo)
    {
        CapturedInjectionInfo = *InjectionInfo;
    }
    else
    {
        CapturedInjectionInfo = ExAllocatePoolWithTag(NonPagedPoolNx, sizeof(INJ_INJECTION_INFO), INJ_MEMORY_TAG);
        if (!CapturedInjectionInfo)
        {
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        if (InjectionInfo)
        {
            *InjectionInfo = CapturedInjectionInfo;
        }
    }

    RtlZeroMemory(CapturedInjectionInfo, sizeof(INJ_INJECTION_INFO));
    CapturedInjectionInfo->ProcessId = ProcessId;
    CapturedInjectionInfo->ForceUserApc = TRUE;
    CapturedInjectionInfo->Method = InjMethod;

    // Add Spin Lock
    // (InjInfoListSpinLock is not declared in this snippet; it is assumed to be
    // a global KSPIN_LOCK initialised elsewhere with KeInitializeSpinLock.)
    KeAcquireSpinLock(&InjInfoListSpinLock, &OldIrql);
    InsertTailList(&InjInfoListHead, &CapturedInjectionInfo->ListEntry);
    KeReleaseSpinLock(&InjInfoListSpinLock, OldIrql);

    return STATUS_SUCCESS;
}
```

Like this. Just be careful about thread safety.
from injdrv.
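An added illustration (not code from injdrv or from any commenter) of why the `InsertTailList` call in the comment above needs the lock: a user-mode model of `LIST_ENTRY` replays two tail inserts whose steps interleave, then the same inserts serialized as they would be under the spin lock. All function names are hypothetical; only the `Flink`/`Blink` field names mirror the kernel's.

```c
#include <stddef.h>

/* User-mode model of the kernel LIST_ENTRY; field names follow the kernel's. */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;

static void list_init(list_entry *head) { head->Flink = head->Blink = head; }

/* A tail insert split into its two phases so an interleaving can be replayed. */
static list_entry *insert_read_tail(list_entry *head) { return head->Blink; }

static void insert_link(list_entry *head, list_entry *prev, list_entry *e) {
    e->Flink = head;
    e->Blink = prev;
    prev->Flink = e;
    head->Blink = e;
}

/* Invariant for a linked entry: both neighbours point back at it. */
static int entry_is_consistent(const list_entry *e) {
    return e->Flink->Blink == e && e->Blink->Flink == e;
}

/* Count the entries reachable from the head by walking Flink. */
static size_t list_length(const list_entry *head) {
    size_t n = 0;
    for (const list_entry *p = head->Flink; p != head; p = p->Flink) n++;
    return n;
}

/* No lock: both inserters read the tail before either one links. */
static size_t racy_inserts(list_entry *head, list_entry *a, list_entry *b) {
    list_entry *tail_a = insert_read_tail(head);
    list_entry *tail_b = insert_read_tail(head); /* stale once A has linked */
    insert_link(head, tail_a, a);
    insert_link(head, tail_b, b);                /* overwrites A's links */
    return list_length(head);
}

/* Lock held: each read+link pair completes before the next one starts. */
static size_t serialized_inserts(list_entry *head, list_entry *a, list_entry *b) {
    insert_link(head, insert_read_tail(head), a);
    insert_link(head, insert_read_tail(head), b);
    return list_length(head);
}
```

In the racy replay the first entry is unreachable from the head and its neighbours no longer point back at it, which is the back-pointer inconsistency that list-entry integrity checks on recent Windows versions fail fast on. Removals and traversals of `InjInfoListHead` race with inserts in the same way, so they need the same lock.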
> Third question,
> There are some issues with the drivers that can cause the blue screen to occur (depending on luck).
> In the operation of the InjInfoListHead linked list, you should perform necessary exclusive operations, otherwise the blue screen is inevitable when the process moves frequently.
> I fixed it and it works fine so far.
Would you mind sharing your fix?
from injdrv.
> Third question,
> There are some issues with the drivers that can cause the blue screen to occur (depending on luck).
> In the operation of the InjInfoListHead linked list, you should perform necessary exclusive operations, otherwise the blue screen is inevitable when the process moves frequently.
> I fixed it and it works fine so far.
> Would you mind sharing your fix?
Refer to the code I gave in this issue. :)
from injdrv.
Related Issues (20)
- Windows 7 x64 - InjMethodThunk method failing in ntdll!RtlEqualUnicodeString due to AV HOT 3
- Infection successful but dll is not loaded HOT 16
- bypass ProcessDynamicCodePolicy mitigation policy flagged processes. HOT 1
- BSOD on Windows 10 HOT 6
- Cannot inject dll due to signing issue
- Error on build HOT 13
- don`t compiling
- inject any dll HOT 2
- InjMethodThunk issue
- BSOD Windows 10 HOT 1
- not support amd64 exe run on ARM64
- MSB3191: Unable to create director HOT 1
- 0x139_3_CORRUPT_LIST_ENTRY_injdrv in InjCreateInjectionInfo while call InsertTailList HOT 1
- PsWrapApcWow64Thread cause normalRoutine to become invalid. HOT 6
- Inject to Running processes (with no altertable threads) HOT 3
- Issue after hooking MicrosoftEdgeCP.exe HOT 4
- Random crash for wow64 process in win10 X64 1809 HOT 1
- When the driver runs, the wow64 process under the 64-bit system of win8.1 can't get up. Has anyone encountered this problem? HOT 1
- Thread create messages? HOT 3