https://github.com/system233/x64call
Call 64bit function in 32bit process
https://github.com/system233/x64call
createremotethread ntcreatethreadex x64call
Last synced: 4 months ago
JSON representation
Call 64bit function in 32bit process
- Host: GitHub
- URL: https://github.com/system233/x64call
- Owner: System233
- License: mit
- Created: 2021-12-31T09:04:18.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-12-31T11:37:27.000Z (over 3 years ago)
- Last Synced: 2024-11-16T19:15:32.531Z (6 months ago)
- Topics: createremotethread, ntcreatethreadex, x64call
- Language: Assembly
- Homepage:
- Size: 9.77 KB
- Stars: 6
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# x64call
Call 64bit function in 32bit process;
32位进程调用64位函数, CPP类型安全
## Usage
32位进程远程注入64位进程示例
### IN CPP
```cpp
#include
#include
using PNtCreateThreadEx=DWORD64(
PDWORD64 ThreadHandle,
ACCESS_MASK DesiredAccess,
LPVOID ObjectAttributes,
HANDLE ProcessHandle,
DWORD64 lpStartAddress,
LPVOID lpParameter,
BOOL CreateSuspended,
DWORD64 dwStackSize,
DWORD64 dwStackCommit,
DWORD64 dwStackReserve,
LPVOID lpBytesBuffer
);
DWORD64 hThread;
x64call::x64::call("NtCreateThreadEx",&hThread,0x1FFFFF,NULL,hProc,addr64,pParam,FALSE,0,0,0,NULL);
//or
char const name[]="NtCreateThreadEx";
x64call::x64::call(&hThread,0x1FFFFF,NULL,hProc,addr64,pParam,FALSE,0,0,0,NULL);
```
### IN C
```c
#include
#include
DWORD64 hThread;
x64call_exec(
11, //number of target function args
x64call_dlwalk("NtCreateThreadEx"),//64bit function addr
(uint64_t)0x1FFFFF, //args...
(uint64_t)NULL,
(uint64_t)hProc,
(uint64_t)addr64,
(uint64_t)pParam,
(uint64_t)FALSE,
(uint64_t)0,
(uint64_t)0,
(uint64_t)0,
(uint64_t)NULL,
)
```
## Notes
不支持浮点类型和结构体传值