ReflectiveDLLInjection icon indicating copy to clipboard operation
ReflectiveDLLInjection copied to clipboard
verified publisher icon stephenfewer

updated GetReflectiveLoaderOffset to handle PE32's and PE64's regardless of the injector's architecture

Open whyallyn opened this issue 10 years ago • 0 comments

I updated GetReflectiveLoaderOffset to handle PE32's and PE64's regardless of the injector's architecture. I did this by adding boolean "is64" parameter to Rva2Offset. If is64 is true, PIMAGE_NT_NEADERS64 is used, otherwise PIMAGE_NT_NEADERS32 is used. This is useful when you have a DLL that doesn't match the architecture of the injecting code.

whyallyn avatar Jun 04 '15 06:06 whyallyn