wow64ext v1.0.0.4 – bugfix release

Bugfix release, there was a problem with GetModuleHandle64 in the previous version of the library (only v1.0.0.3 was affected). Basically I’ve failed at InLoadOrderModuleList iteration and I was skipping the last element, which is (usually) wow64cpu.dll.

Link to library hosted on google code: http://code.google.com/p/rewolf-wow64ext/
Direct link to zip package: http://rewolf-wow64ext.googlecode.com/files/rewolf.wow64ext.v1.0.0.4.zip

4 Comments

  1. Hi,

    Sorry again but think there must be another bug\error with hooking:

    __declspec(naked) void Callback()
    {
    X64_End();
    __asm mov eax, 0
    //whNtCreateFile
    X64_Start();
    }
    int WINAPI WinMain(HINSTANCE,HINSTANCE,LPSTR,int)
    {
    DWORD64 s = GetProcAddress64(GetModuleHandle64(L"wow64cpu.dll"),"TurboDispatchJumpAddressStart");
    cout<<s;
    LPVOID sz = (LPVOID) s;
    LPVOID cake = Callback;
    HANDLE Handle = OpenProcess(PROCESS_ALL_ACCESS,false,GetCurrentProcessId());
    DWORD dwOldProtect = {0};
    VirtualProtectEx(Handle,(PVOID*)s,(SIZE_T)5,PAGE_EXECUTE_READWRITE,&dwOldProtect);
    *(BYTE*)(s) = 0xE9;
    *(DWORD*)(s+1) = ((DWORD)cake - ((DWORD)sz + 5));
    cin.get();
    }

    Error info: Unhandled exception at 0x0112E081 in wow64ext.exe: 0xC0000005: Access violation writing location 0x00002014.

    Reply

      1. @ReWolf
        Okay, Your Library is perfect, it is the Microsoft Visual Studio 2012 LOL. I see the EIP hit my Callback, but VS cannot “emulate”\”understand” the x64 due to the VS Debug DLL being x86 thus the Exceptions and such.

        However, I am getting confused that VS was able to before somehow get the breakpoint being pointed towards the callback but suddenly now it fails. No clue, though.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *