DetourCreateRemote->ReadProcessMemory failed. (3) #157
Comments
|
same problem while use Themida profile |
You can download build from my fork. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have this error now (version 1.4). Using latest x64dbg.
In logs:
ERROR: Failed to write hook dll data
It only happens when any of these options enabled:
NtUserFindWindowEx
NtUserBuildHwndList
NtUserQueryWindow
NtUserGetForegroundWindow
It happens at:
ReadProcessMemory(hProcess, lpFuncOrig, originalBytes, sizeof(originalBytes), nullptr)
in DetourCreateRemote (InjectorCLI).
Params:
hProcess = 934
lpFuncOrig = 0x000002876e642180 (in win32u.dll address)
In target 0x000002876e642180 address is not initialized.
The address in target is 00007FF847802180 (NtUserFindWindowEx).
It is because win32u.dll base address in x64dbg process is different (2876E640000) and in target win32u.dll base is "normal" (7FF847800000).
The error happens because user dll VAs are got using GetProcessAddress from host process (in my case x64dbg process). But injection is done into target process (program loaded by x64dbg) where win32u.dll has different base address.
If accidently in same case target process will have same address initialized (but not with win32u.dll) then injection will happen not into win32u.dll functions, resulting in unknown buggy behavior.
The text was updated successfully, but these errors were encountered: