Friday, September 24, 2010

Injecting a DLL to explorer.exe under Windows 7 - FAILED

Today I tried to get an old self-coded tool to work under Windows 7 64-bit... I'm talking about my Desktop Symbol Utility I coded for and under Windows XP.
In fact, I really do not require it because I managed to deactivate the drop shadow of the icon texts on the desktop while keeping the transparency under Windows 7 - without the help of an external tool! :-) Wow, finally Microsoft got it working... after how many years?

Howsoever, I found this tool accidentally again on my hard drive while searching for something else and tried to run it under my Windows 7. As I had already expected, injecting the DLL into the explorer process did not work. So I extracted the code and had a look into it. I expected some typical error as it was programmed under a 32-bit system and maybe there is some incompatible/wrong use of data types? Well, unfortunately not. It turned out that the CreateRemoteThread() call failed. My first assumption that the way the process ID is obtained is no longer valid under Win7 was wrong - a simple comparison with the PID in Process Explorer showed it. Also the other functions (VirtualAlloc etc.) succeeded.
Maybe it has something to do with protected processes? (-> Link to article from Microsoft).
Well, I don't know... so if there is someone out there who got this tool working under Win7-64, please drop me some lines on how you managed it - would be really great!

1 comment:

Anonymous said...

Looks like you are an expert in this field, you really got some great points there, thanks.

- Robson