Vatyx/NamedPipeCapture

InitializeProcess returned -1

Opened this issue · 3 comments

saper commented

In my case, the InitializeProcess API call returns -1. Sadly, I can't find more detailed information about this error.

The DLL gets attached to the target (verified with Process Explorer) and the input pipe is there in the system, but the output pipe does not get created - verified with PowerShell: [System.IO.Directory]::GetFiles("\\.\\pipe\\")

Process ID refers to a normal user process, started by the same user trying the hook.

This is Microsoft Windows [Version 10.0.19045.3570]

C:\Programs\myhome>.\NamedPipeLauncher.exe --input \\.\pipe\Input_Pipe --output \\.\pipe\traffic --processid 14484  --load
orig fcn ptr = 00007FF6C9B01440
fcnptr = 0000000000000000
InitializeProcess returned 4294967295
Warning: Make certain the DLL is unloaded when the test is done.
If it is not unloaded, the DLL will remain within the process for the life
of the process.
Input pipe: \\.\pipe\Input_Pipe
Output pipe: \\.\pipe\traffic
Process ID: 14484
Client port: 0
Server port: 0

Same here (standard or administrator user):

> .\NamedPipeLauncher.exe --input \\.\pipe\inputpipe --output \\.\pipe\myoutputpipe --processid 19468 -c 50 -s 51 --load
orig fcn ptr = 00007FF7A9FE1440
fcnptr = 0000000000000000
InitializeProcess returned 4294967295
Warning: Make certain the DLL is unloaded when the test is done.
If it is not unloaded, the DLL will remain within the process for the life
of the process.
Input pipe: \\.\pipe\inputpipe
Output pipe: \\.\pipe\myoutputpipe
Process ID: 19468
Client port: 50
Server port: 51

What version of the compiler and which build configuration are you using? It looks like the jump table parsing isn't working currently. I'll need to dig into the disassembly to see how to access the executable instructions directly again.

I don't have access to that setup anymore, but it wasn't something ancient...