C++: Injecting 32 bit targets from 64 bit process

Question

I have written a DLL-Injector in C++ recently, for which the requirements were the following

• The INJECTING PROCESS (let\'s call it the \'Injec

Answer 1

I think you could use the debug symbols API to save yourself parsing the PE header and export table. This route should yield the required information for the 32-bit injector; 64-bit target case as well, although I still don't see how you're going to pass a 64-bit address to CreateRemoteThread.

• EnumerateLoadedModules64
• SymFromName
• ImageRvaToVa

Normally these debug symbol functions require a .pdb or .sym file to operate, however I'm pretty sure they also get information from a DLL export table (just going from experience of what a debugger shows for files where I don't have symbols present).