Marvee Amasi Comments - Answer Overflow

Marvee Amasi

•Created by Marvee Amasi on 12/16/2024 in #code-review

How to Resolve ERROR_NOACCESS (0x3E6) When Injecting Assembly Code into a PE File Using CreateThread

So after further debugging, I found that I hadn't correctly initialized the stack. Once I added the following initialization to the code, the keylogger started working correctly:

mov qword[rsp+20h], 0
lea rbx, [ThreadId]
mov qword[rsp+28h], rbx
lea r9, [Par]
lea r8, [KL]
xor rdx, rdx
lea rcx, [SECURITY_ATTRIBUTES_]
call rax

mov qword[rsp+20h], 0
lea rbx, [ThreadId]
mov qword[rsp+28h], rbx
lea r9, [Par]
lea r8, [KL]
xor rdx, rdx
lea rcx, [SECURITY_ATTRIBUTES_]
call rax

With this fix, the keylogger now works perfectly. Thanks for the help @Renuel Roberts

6 replies

Gaming

Programming