InjectLibrary fails, GetLastError = 0
InjectLibrary fails, GetLastError = 0
I've just upgraded to the new MadCollection v2.7.4. My development and test environment for now is 32-bit Windows Server 2003.
InjectLibrary is returning false, indicating a failure of some sort, however GetLastError is returning 0. I'm sure its something I'm doing wrong (had to recompile the injection dll for the new version of MadCollection, might have missed something). My question though is, why would GetLastError be returning 0 for a failed injection attempt? Is it really the case that InjectLibrary has no idea why it failed?
InjectLibrary is returning false, indicating a failure of some sort, however GetLastError is returning 0. I'm sure its something I'm doing wrong (had to recompile the injection dll for the new version of MadCollection, might have missed something). My question though is, why would GetLastError be returning 0 for a failed injection attempt? Is it really the case that InjectLibrary has no idea why it failed?
Re: InjectLibrary fails, GetLastError = 0
Are we talking about injection into one target process? Or system/user/session wide injection? Which development language are you using? Can I see your injection code, please?
Re: InjectLibrary fails, GetLastError = 0
I'm developing using C++ (Visual Studio 2008), and here's the relevant code snippets.
First we check that the driver is installed (it is):
Then we check that the driver is running (it is):
And finally we attempt the injection (this was working until we upgraded MadCollection):
The InjectLibrary call returns FALSE, and GetLastError returns 0.
First we check that the driver is installed (it is):
Code: Select all
IsInjectionDriverInstalled(L"MyDriver")
Code: Select all
IsInjectionDriverRunning(L"MyDriver")
Code: Select all
InjectLibraryW(L"MyDriver", <path to 32-bit DLL to be injected>, ALL_SESSIONS)
Re: InjectLibrary fails, GetLastError = 0
Hmmmmm... Not sure why InjectLibrary is not returning an error value. Anyway, you say you recompiled the hook dll. Did you also reconfigure and resign the driver? That's necessary if the hook dll changes...
Re: InjectLibrary fails, GetLastError = 0
Yes definately, and codesigned with the microsoft cross certificate too. But this is an area where, like you say, errors can creep in. If the driver was bound to a different dll to the one I'm attempting to inject, would InjectLibrary return some sort of error code? Do you have a function that will take, for example, a driver and a dll, and tell me if the driver is bound to the dll or not?
Any other ideas?
Any other ideas?
Re: InjectLibrary fails, GetLastError = 0
I ran some more tests. I can call InjectLibrary(<path to dll>, GetCurrentProcess()) and it succeeds. It only fails if I use the driver-facilitated function call. And if I give a bad dll path GetLastError returns the correct error code (123).
Re: InjectLibrary fails, GetLastError = 0
I don't really have a good way to test whether a driver supports a specific hook dll, or whether the driver was signed correctly. The first thing would be possible for me to add, but the 2nd I don't know how to do.
My suggestion would be to double check with one of the madCodeHook demos. E.g. try this one:
http://madshi.net/HookProcessCreation.zip
Try to just create a driver for this demo with your own certificate, using the same configuration and signing logic you're using for your main project. If the demo then still works then the configuration and signing should be fine. If the demo stops working as soon as you use your "self-made" driver then there must be a problem somewhere with the configuration and/or signing.
I wish I had a better way to help you. But for now trying with the demo seems like the best approach to me.
My suggestion would be to double check with one of the madCodeHook demos. E.g. try this one:
http://madshi.net/HookProcessCreation.zip
Try to just create a driver for this demo with your own certificate, using the same configuration and signing logic you're using for your main project. If the demo then still works then the configuration and signing should be fine. If the demo stops working as soon as you use your "self-made" driver then there must be a problem somewhere with the configuration and/or signing.
I wish I had a better way to help you. But for now trying with the demo seems like the best approach to me.
Re: InjectLibrary fails, GetLastError = 0
I've tracked it down. The driver had been bound to a different injection dll (a debug version of the same filename).
Under those circumstances, could you make GetLastError return something more meaningful than 'success'? And I'd really love to have that extra function if you could add it, to check whether a driver has been bound to a specified dll.
Thanks
Under those circumstances, could you make GetLastError return something more meaningful than 'success'? And I'd really love to have that extra function if you could add it, to check whether a driver has been bound to a specified dll.
Thanks
Re: InjectLibrary fails, GetLastError = 0
I'll put it on my to do list, but it could take a while until I get to that...