Question

I've got this DLL that creates a thread when loaded by LoadLibraryA. The DLL is injected into another process using RtlCreateUserThread. The injection succeeds and the DLL is loaded into the target process (the kernel32 LoadLibraryA thread is there), but when it comes to the CreateThread I got ERROR_NOT_ENOUGH_MEMORY. So where is the problem: RtlCreateUserThread, the target process, or the DLL itself? And how may I solve it? Thanks a lot!!

Solution

Well, I did solve it: I used RtlCreateUserThread inside the DLL instead of CreateThread. Thank you all anyway, sorry for any inconvenience.

OTHER TIPS

The problem is in your target. You loaded Kernel32, great, but you didn't tell the target process where the address of the function is. I assume you injected a code segment from your host process, therefore did not resolve the import table for your injection to the target process, as you would with DLL injection.

You can call CreateThread from the injected function, however you need to load its address first!

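#include <windows.h>

// Function-pointer type matching the documented CreateThread signature
typedef HANDLE (WINAPI *MyCreateThread)(LPSECURITY_ATTRIBUTES, SIZE_T, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD);
MyCreateThread _MyCreateThread;

// GetProcAddress takes a module handle (HMODULE), not the module name
_MyCreateThread = (MyCreateThread)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CreateThread");
_MyCreateThread(PARAMS_TO_PASS); // CreateThread, with its address loaded in memory of your injected code segment/function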

Like that ^, you will be able to call CreateThread from your injected function.

P.S. I don't memorize the params createthread has, but this was written on the spot.

You're welcome :)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow