CRASH injecting x64 in WOW64 #4990
Comments
#49 is the original issue covering 64-bit DR in a WOW64 process.
derekbruening pushed a commit that referenced this issue on Jul 13, 2021:

Fixes issues around the -inject_x64 prototype option added by PR #4653 for #803 to enable injecting a 64-bit DR into a WOW64 (32-bit) child ("mixed mode"). Xref discussion at https://groups.google.com/g/dynamorio-users/c/rhEpslerwf8

Adds a new option -vmheap_size_wow64 since the default x64 size will not fit in a WOW64 process. Saves the eax register that holds the routine address for RtlUserThreadStart before the mode switch, and restores it on the mode switch. Fixes the far jmp to switch to x64 mode on injection. Fixes env variable argument propagation.

Example command line that works:

$ bin64\drrun.exe -inject_x64 -c .\clientdll.dll -- bin64\create_process.exe .\helloworld32.exe

We still need to add proper support on drrun64 to inject natively without having to use create_process.exe.

Issue: #49, #4990
sapostolakis pushed a commit that referenced this issue on Jul 14, 2021:
(Same commit message as the Jul 13 commit above.)
N0fix added a commit to N0fix/dynamorio that referenced this issue on Aug 2, 2021:

Fixes a small problem caused by PR DynamoRIO#4710 that makes syscalls fail when running a WoW64 process injected by an x64 parent. Also adds a check for inject_x64 option cross-injection based on the win32.xarch test.

Fixes: DynamoRIO#4990
N0fix added a commit to N0fix/dynamorio that referenced this issue on Aug 3, 2021:
(Same commit message as the Aug 2 commit above.)
N0fix added a commit to N0fix/dynamorio that referenced this issue on Aug 3, 2021:
(Same commit message as the Aug 2 commit above.)
Opening this issue to keep track of the bug associated with the PR.
Describe the bug
No support is currently made for x64 DLL injection in WOW64 processes. More information here.

Example

There is no support for mixed x86/x64 code except using inject_x64, which isn't supported yet. DynamoRIO core has mixed x86/x64 support in x64 builds, thus we need to inject an x64 client DLL to handle this kind of situation, using inject_x64. DynamoRIO crashes upon trying to inject an x64 client DLL inside WoW64 with the following command line:

Tweaking -early_inject parameters does not help to resolve this issue.

Versions
DynamoRIO version cronbuild-8.0.18803. (latest version at the time I am writing this issue)
Additional context
Made PR #4989 to add some support.
All information is in the PR.
Note that this type of injection still isn't fully supported yet, and that some DynamoRIO exports might crash when used in a 64-bit client DLL injected in WoW64 processes. This is the case with the dr_insert_mbr_instrumentation and dr_insert_call_instrumentation functions, which insert an x64 wrapper that cannot be decoded by a process running as x86.
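The commit above and this issue both turn on one question: is the child a 32-bit (WOW64) image being run by a 64-bit DR, so that the -inject_x64 prototype option is needed and the default x64 vmheap reservation will not fit? The following is an added example, not code from DynamoRIO or from anyone on this thread. It reads the COFF Machine field, the optional-header magic and the LARGE_ADDRESS_AWARE flag from a PE header and decides whether the run is the cross-architecture case. The function names, the constructed header bytes and the decision policy (which drrun arguments to emit) are assumptions of the example; the only facts taken from the page are that -inject_x64 is the option for injecting 64-bit DR into a WOW64 child and that -vmheap_size_wow64 exists because the x64 default does not fit.

```python
"""Decide whether running a Windows image under DynamoRIO is the 64-bit-DR /
WOW64-child case (added example, not DynamoRIO code; helper names are
hypothetical)."""
import struct

# COFF/PE constants from the PE format specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
PE32_MAGIC = 0x10B       # 32-bit optional header
PE32PLUS_MAGIC = 0x20B   # 64-bit optional header


def parse_pe_arch(image: bytes) -> dict:
    """Read the fields that fix a Windows image's bitness.

    Only the DOS header, the PE signature, the COFF file header and the
    optional-header magic are touched, so a raw file prefix is enough input.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _symtab, _nsym, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", image, coff)
    if opt_size < 2:
        raise ValueError("optional header missing")
    (magic,) = struct.unpack_from("<H", image, coff + 20)
    return {
        "machine": machine,
        "magic": magic,
        "large_address_aware": bool(characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE),
    }


def injection_plan(dr_is_x64: bool, image: bytes) -> dict:
    """Classify the run and suggest drrun arguments.

    The returned arguments are this example's own illustration of the policy
    the issue describes (-inject_x64 for a 64-bit DR and a 32-bit child), not
    logic taken from drrun.
    """
    info = parse_pe_arch(image)
    if info["machine"] == IMAGE_FILE_MACHINE_AMD64 and info["magic"] == PE32PLUS_MAGIC:
        child_is_x64 = True
    elif info["machine"] == IMAGE_FILE_MACHINE_I386 and info["magic"] == PE32_MAGIC:
        child_is_x64 = False
    else:
        raise ValueError("unsupported or inconsistent machine/magic pair: 0x%x/0x%x"
                         % (info["machine"], info["magic"]))

    if dr_is_x64 and not child_is_x64:
        # WOW64 child under a 64-bit DR: the prototype option is required, and the
        # default x64 vmheap reservation will not fit, because a 32-bit process only
        # gets 2 GiB of address space (4 GiB when the image is large-address-aware).
        return {
            "cross_arch": True,
            "drrun_args": ["-inject_x64"],
            "child_address_space_gib": 4 if info["large_address_aware"] else 2,
            "vmheap_option": "-vmheap_size_wow64",
        }
    if not dr_is_x64 and child_is_x64:
        # Assumption of this example: a 32-bit DR is never injected into a 64-bit child.
        raise ValueError("32-bit DR cannot be injected into a 64-bit child")
    return {
        "cross_arch": False,
        "drrun_args": [],
        "child_address_space_gib": None,
        "vmheap_option": None,
    }


def build_pe_header(machine: int, magic: int, characteristics: int = 0) -> bytes:
    """Construct a minimal PE header prefix (constructed test input, not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature at offset 0x40
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 2, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    wow64_child = build_pe_header(IMAGE_FILE_MACHINE_I386, PE32_MAGIC,
                                  IMAGE_FILE_LARGE_ADDRESS_AWARE)
    print(injection_plan(True, wow64_child))
    print(injection_plan(True, build_pe_header(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC)))
```

On a real target, pass the first hundred or so bytes of the child executable (the file prefix, read in binary mode) instead of the constructed header; the Machine/magic pair is what distinguishes the helloworld32.exe case in the commit's command line from a same-architecture 64-bit child.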