C++: Injecting 32 bit targets from 64 bit process

一整个雨季 2020-12-15 13:36

I have written a DLL-Injector in C++ recently, for which the requirements were the following

  • The INJECTING PROCESS (let's call it the 'Injec
3 answers
  •  小蘑菇 (original poster)
    2020-12-15 14:15

    This answer addresses an earlier version of the question; it is mostly irrelevant to the case of a 64-bit injector.


    Are you saying that approach works? Because according to the documentation, you can't get information about 64-bit processes from WOW64:

    If the function is called by a 32-bit application running under WOW64, the dwFilterFlag option is ignored and the function provides the same results as the EnumProcessModules function.

    (EnumProcessModules explains the restriction further)

    If this function is called from a 32-bit application running on WOW64, it can only enumerate the modules of a 32-bit process. If the process is a 64-bit process, this function fails and the last error code is ERROR_PARTIAL_COPY (299).

    But you really do need to find the base address where kernel32.dll loaded, because of ASLR.
