Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EnhancementRequest - ManualMap architecture independant PE's #24

Open
jfmaes opened this issue May 5, 2021 · 1 comment
Open

EnhancementRequest - ManualMap architecture independant PE's #24

jfmaes opened this issue May 5, 2021 · 1 comment

Comments

@jfmaes
Copy link
Collaborator

jfmaes commented May 5, 2021

would be nice to have the possibility to hollow out a x64 process from a x86 Dinvoke assembly.
The only way to do that ( I think) would be to spawn a new x64 processes and obtain a valid handle to it from x86 land
@TheWover
Copy link
Owner

Are you wanting to run arbitrary 64-bit executables in WOW64 processes? I agree that that would best be handled via a fork-run methodology such as process hollowing. It might be possible to do that within the current process via jumping through Heaven's Gate / manually handling WOW64 transition and loading 64-bit copies of all of the payload's dependencies.. However... that would add a lot of complexity that I don't really want to add to the scope of this project. I don't see the cost worth the benefit for this project.

In the meantime, I would rather recommend that someone just load the 32-bit version of a binary if it is available. If not, injecting the binary (or a loader such as DInvoke and passing it the binary) would work as an alternative.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TheWover @jfmaes