Call 64bit function in 32bit process;
32位进程调用64位函数, CPP类型安全
32位进程远程注入64位进程示例
#include <Windows.h> #include <x64call> using PNtCreateThreadEx=DWORD64( PDWORD64 ThreadHandle, ACCESS_MASK DesiredAccess, LPVOID ObjectAttributes, HANDLE ProcessHandle, DWORD64 lpStartAddress, LPVOID lpParameter, BOOL CreateSuspended, DWORD64 dwStackSize, DWORD64 dwStackCommit, DWORD64 dwStackReserve, LPVOID lpBytesBuffer ); DWORD64 hThread; x64call::x64<PNtCreateThreadEx>::call("NtCreateThreadEx",&hThread,0x1FFFFF,NULL,hProc,addr64,pParam,FALSE,0,0,0,NULL); //or char const name[]="NtCreateThreadEx"; x64call::x64<PNtCreateThreadEx>::call<name>(&hThread,0x1FFFFF,NULL,hProc,addr64,pParam,FALSE,0,0,0,NULL); #include <Windows.h> #include <x64call.h> DWORD64 hThread; x64call_exec( 11, //number of target function args x64call_dlwalk("NtCreateThreadEx"),//64bit function addr (uint64_t)0x1FFFFF, //args... (uint64_t)NULL, (uint64_t)hProc, (uint64_t)addr64, (uint64_t)pParam, (uint64_t)FALSE, (uint64_t)0, (uint64_t)0, (uint64_t)0, (uint64_t)NULL, )不支持浮点类型和结构体传值