STATUS_INTERNAL_ERROR occasionally (unmanaged)

Oct 31, 2010 at 2:18 PM

Hi there,

Using EasyHook, I successfully injected my DLL into a remote process, both unmanaged, and hooked some APIs there, except on some machines (less than 1/3), RhInjectLibrary returns STATUS_INTERNAL_ERROR. The tricky thing is, on the same machine, RhInjectLibrary succeeded on the first time, but failed on the 2nd time and afterwards. Further, on that machine, occasionally it succeeded, but most of the time it failed (STATUS_INTERNAL_ERROR).

What can be the common reasons for STATUS_INTERNAL_ERROR?

Thanks in advance,

Will

Nov 3, 2010 at 2:34 AM

I got it. It is because of an anti-virus program called 360 (which is very popular in China) offering 'code injection protection' to the process I want to inject.

Any ideas on how to bypass this kind of protection?

Thanks,

Will