ReflectiveDLLInjection

Can x64 ReflectionLoader load x32 dll into x32 process?

Open Bit00009 opened this issue 5 years ago • 2 comments

This lib is great, thank you @stephenfewer. Can x64 ReflectionLoader load an x32 DLL into an x32 process? What do I need to change to reach this?

Dec 01 '20 20:12 Bit00009

The ability to inject from x64 -> x86 or vice versa was built into Metasploit's meterpreter on top of RDI, see:

https://github.com/rapid7/metasploit-payloads/blob/master/c/meterpreter/source/metsrv/base_inject.c#L497

Dec 02 '20 10:12 stephenfewer

@stephenfewer thanks for the fast reply! Can you tell me what it is? I took a look at the source and got confused because there's a comment that says x64 -> x86 is not supported:

BREAK_ON_ERROR( "[INJECT] inject_via_apcthread: Can't do x64->x86 APC injection yet." )

There's an improved version of RLoader, https://github.com/dismantl/ImprovedReflectiveDLLInjection, that claims it can do injection from x64 to WoW64. I tried it and it works for injection, but it crashes after 1 or 2 seconds, or sometimes only on close. Can you take a look into the code? It's your library with extra steps...

Dec 02 '20 13:12 Bit00009