CreateRemoteThread returning Access Denied

Discussion:

(too old to reply)

Richard Russell

2010-07-23 08:21:55 UTC

CreateRemoteThread is returning Access Denied when run under 64-bit
Windows 7, but works without error when the identical (32-bit)
binaries are run under 32-bit Windows 7.

I should emphasise that this isn't a case of a 32-bit process trying
to create a thread in a 64-bit process, or vice versa. Both processes
are 32-bits, running under WoW64.

Other functions accessing the remote process, such as VirtualAllocEx
and WriteProcessMemory, are apparently working correctly; it's only
CreateRemoteThread that fails. Is there a workaround for this issue?

Richard.
http://www.rtrussell.co.uk/

m***@gmail.com

2013-09-07 16:21:20 UTC

Permalink

Post by Richard Russell
CreateRemoteThread is returning Access Denied when run under 64-bit
Windows 7, but works without error when the identical (32-bit)
binaries are run under 32-bit Windows 7.
I should emphasise that this isn't a case of a 32-bit process trying
to create a thread in a 64-bit process, or vice versa. Both processes
are 32-bits, running under WoW64.
Other functions accessing the remote process, such as VirtualAllocEx
and WriteProcessMemory, are apparently working correctly; it's only
CreateRemoteThread that fails. Is there a workaround for this issue?
Richard.
http://www.rtrussell.co.uk/

Richard

Did you find a solution for this problem?

Marcus

Arunpreet Singh

2014-10-22 03:56:58 UTC

Permalink

It might be a session issue,you can't use CreateRemoteThread to create thread inside process that is in diffrent session ,Try using undocumented API NtCreateThreadEx .

More Information
http://securityxploded.com/ntcreatethreadex.php

Thanks
Arun