Not using CreateProcess
If you are launching your application with any option other than CreateProcess you are effectively using CreateRemoteThread to inject into the application you have just started running using CreateProcess.
The Inject and Wait for Application to Start functionality also use CreateRemoteThread to inject into an application.
For the reasons below, injection using CreateRemoteThread does not always work.
Common reasons for injection failure
•A missing DLL in your application
Check your application is complete.
•The target application is a .NET application or .NET service
Check your application or service is not written using .NET technology.
•A missing DLL in Bug Validator
Check Bug Validator is installed correctly.
•The application may have started and finished before the DLL could be injected
This only applies if you are launching the application.
•The application security settings do not allow process handles to be opened
•The application is a service and is running with different privileges than Bug Validator
If the application being injected into is a service it is recommended that the service and Bug Validator are both run on the same user account. See the topic on working with NT services.
Application Specific Reasons for Failure
A small percentage of applications/services will not allow any DLL to be injected into them.
The reasons for this are unknown, but our testing shows that the reason for failure to inject is a combination of application, operating system and hardware that causes an inconsistency during injection (we think it is a timing issue) that causes a failure.
Our tests show that on NT 4 about 1% of all applications fail to inject, 2% on Windows 2000 rising to 5% with Windows XP.
We expect that subsequent operating systems (Windows 2003 and Windows Vista) will have higher failure rates.
|