Inject without needing admin rights

contains all delphi packages mentioned below
Post Reply
manutai
Posts: 85
Joined: Sun Aug 03, 2008 1:40 am

Inject without needing admin rights

Post by manutai »

Hi,

We are currently using madcodehook drivers to inject into few white listed processes. These processes are all user level processes. The injection is happening in processes which are currently running as well as into processes which will be launched in the future.

But those drivers require admin access to get installed. We are looking to meet this requirement in the admin-less way.

Is this possible? Please suggest.
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Re: Inject without needing admin rights

Post by madshi »

You need specific privileges to be able to load a driver. A normal user can't do that. So if you want to use madCodeHook's injection driver, sadly you need admin rights. Of course you can try to get along without using madCodeHook's injection driver, but then it's your own job to make sure your hook dll is injected automatically into newly created processes. E.g. you could (mis)use SetWindowsHookEx() for that purpose, which I think doesn't need admin rights. But you're on your own with that, if you decide to go that way...

The usual approach is to either have your injection EXE require admin rights, or to install a service in your installer, which will then do the injection, so that your main exe can run without needing admin rights.
manutai
Posts: 85
Joined: Sun Aug 03, 2008 1:40 am

Re: Inject without needing admin rights

Post by manutai »

Got it !!
Was already expecting this answer but was still trying my luck :P
Thanks !!
iconic
Site Admin
Posts: 1064
Joined: Wed Jun 08, 2005 5:08 am

Re: Inject without needing admin rights

Post by iconic »

Just adding to what Madshi has said, which is 100% correct. The specific privilege to enable is the SeLoadDriverPrivilege. madCodeHook's driver based injection automatically does this for you prior to attempting to load the driver, so you will not need to do this manually yourself.

--Iconic
Post Reply