Question

I have this DLL that creates a thread when it is loaded by LoadLibraryA. The DLL is injected into another process using RtlCreateUserThread; the injection succeeds and the DLL is loaded in the target process (the kernel32 LoadLibraryA thread is there), but when it comes to the CreateThread call I get ERROR_NOT_ENOUGH_MEMORY. So where is the problem: RtlCreateUserThread, the target process, or the DLL itself? And how can I solve it? Thanks a lot!!


Solution

Well, I did solve it: I used RtlCreateUserThread inside the DLL instead of CreateThread. Thank you all anyway, sorry for any inconvenience.

Other tips

The problem is in your target. You loaded Kernel32, great, but you didn't tell the target process where the address of the function is. I assume you injected a code segment from your host process, therefore did not resolve the import table for your injection to the target process, as you would with DLL injection.

You can call CreateThread from the injected function, however you need to load its address first!

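// DATATYPE_OF_CREATETHREAD / PARAMS_OF_CREATETHREAD / PARAMS_TO_PASS are placeholders
// for CreateThread's return type, parameter list and call arguments.
typedef DATATYPE_OF_CREATETHREAD (__stdcall *MyCreateThread)(PARAMS_OF_CREATETHREAD);
MyCreateThread _MyCreateThread;

// GetProcAddress expects a module handle (HMODULE), not a module name string
_MyCreateThread = (MyCreateThread)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CreateThread");
_MyCreateThread(PARAMS_TO_PASS); // CreateThread, with its address loaded in memory of your injected code segment/function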

Like that ^, you will be able to call CreateThread from your injected function.

P.S. I don't memorize the params CreateThread has, but this was written on the spot.

You're welcome :)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow