
System wide InjectLibrary fails with 0x1f to x86 from x64

Posted: Wed Sep 03, 2014 7:26 am
by TCS
Hey,

I am trying to use InjectLibraryW() in a 64bit application in order to install system-wide injection for acrord32.exe (Acrobat Reader), and it fails with 0x1f. InjectLibraryW() to a 64bit application works.
InjectLibraryW() is being called from a 64bit process (service or application with admin rights).
I am running the code on Windows 7 x64.

I have done the following:
1. Compiled the injected dll (called acrojet.dll).
2. Configured the driver:

Code:

madConfigDrv.exe Jector86.sys JectorDriver acrojet.dll -unsafeStopAllowed

3. Signed the driver (signing without timestamp).
4. In the application:
a. I first call "InitializeMadCHook();"

b.

Code:

LoadInjectionDriver(INJECTION_DRIVER_NAME,
                    (app_path + L"x86\\jector86.sys").c_str(),
                    (app_path + L"jector64.sys").c_str())

function returns TRUE. (jector64.sys is signed and configured)

c.

Code:

InjectLibraryW(INJECTION_DRIVER_NAME,
               (app_path + L"x86\\acrojet.dll").c_str(),
               ALL_SESSIONS,
               FALSE,
               L"acrord32.exe")

function returns FALSE, GetLastError() returns 0x1f.


Any idea what I am missing???


Thanks!!!

Re: System wide InjectLibrary fails with 0x1f to x86 from x6

Posted: Thu Sep 04, 2014 9:46 am
by madshi
What is your command line to configure the 64bit driver?

Error 0x1f means ERROR_GEN_FAILURE, which means "A device attached to the system is not functioning". That suggests some sort of problem with the driver configuration or signing.

Re: System wide InjectLibrary fails with 0x1f to x86 from x6

Posted: Thu Sep 04, 2014 11:11 am
by TCS

Code:

madConfigDrv.exe Jector86.sys JectorDriver acrojet.dll -unsafeStopAllowed

Thanks for your help. I'll recheck the configuration and the signing process.

Re: System wide InjectLibrary fails with 0x1f to x86 from x6

Posted: Thu Sep 04, 2014 12:56 pm
by TCS
Is there any way to get output or logs from madConfigDrv.exe ?

I assume that the signing process is successful because the LoadInjectionDriver() function finishes successfully, and I can see the "digital signature" tab in the .sys file property page, therefore I guess that the problem can only be in the configuration, but I can't see what I am doing wrong...

I compared Jector86.sys before the config and after it, and I did see that the file changed (the last modified date doesn't change, I guess you modify it).
I tried to config again with the same "acrojet.dll" to try and get some error, and I did get one stating that "acrojet.dll" is already in the list.

Any other ideas ???

Re: System wide InjectLibrary fails with 0x1f to x86 from x6

Posted: Thu Sep 04, 2014 1:03 pm
by TCS
More info, the problem is only in 32bit, not 64bit.

Re: System wide InjectLibrary fails with 0x1f to x86 from x6

Posted: Thu Sep 04, 2014 7:45 pm
by TCS
Okay found it!
I didn't understand something about the configuration correctly.

I thought that I needed to configure only the 64bit DLLs for the 64bit driver and only the 32bit DLLs for the 32bit driver, but in fact on a 64bit machine only the 64bit driver is used, so I have to configure both the 32bit DLLs and the 64bit DLLs for it.
I'd suggest that in this case you would SetLastError() with ERROR_ACCESS_DENIED.

Thanks!
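
The rule the thread arrives at can be checked before deployment by reading each hook DLL's PE header and listing which DLLs the driver that actually loads on a given OS must have in its list. This is an added example, not code from the thread or from madCodeHook; `acrojet64.dll`, `FakePe` and the other function names are hypothetical, and the PE images are constructed samples.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>
constexpr uint16_t kMachineX86 = 0x014c;  // IMAGE_FILE_MACHINE_I386
constexpr uint16_t kMachineX64 = 0x8664;  // IMAGE_FILE_MACHINE_AMD64
struct Dll { std::string name; std::vector<uint8_t> image; };

// Bounds-checked little-endian read of n bytes (n <= 4) at offset off.
static bool ReadLe(const std::vector<uint8_t>& b, size_t off, size_t n, uint32_t& out) {
    if (n > b.size() || off > b.size() - n) return false;
    out = 0;
    for (size_t i = 0; i < n; ++i) out |= uint32_t(b[off + i]) << (8 * i);
    return true;
}

// COFF Machine field of a PE image, or 0 if the bytes are not a PE file.
uint16_t PeMachine(const std::vector<uint8_t>& img) {
    uint32_t mz = 0, lfanew = 0, sig = 0, machine = 0;
    if (!ReadLe(img, 0, 2, mz) || mz != 0x5A4D) return 0;             // "MZ"
    if (!ReadLe(img, 0x3C, 4, lfanew)) return 0;                      // e_lfanew
    if (!ReadLe(img, lfanew, 4, sig) || sig != 0x00004550) return 0;  // "PE\0\0"
    if (!ReadLe(img, size_t(lfanew) + 4, 2, machine)) return 0;
    return static_cast<uint16_t>(machine);
}

// DLLs the driver loaded on this OS must list. Per the thread, 64-bit Windows uses only
// the 64-bit driver, so it needs the 32-bit and 64-bit DLLs; 32-bit Windows loads only 32-bit DLLs.
std::vector<std::string> DllsForLoadedDriver(bool os64, const std::vector<Dll>& dlls) {
    std::vector<std::string> out;
    for (const auto& d : dlls) {
        const uint16_t m = PeMachine(d.image);
        if (m == kMachineX86 || (os64 && m == kMachineX64)) out.push_back(d.name);
    }
    return out;
}

// Constructed sample: the smallest header carrying the fields read above.
std::vector<uint8_t> FakePe(uint16_t machine) {
    std::vector<uint8_t> b(0x46, 0);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x40;  // e_lfanew -> 0x40
    b[0x40] = 'P'; b[0x41] = 'E';
    b[0x44] = uint8_t(machine & 0xFF); b[0x45] = uint8_t(machine >> 8);
    return b;
}
int main() {
    // acrojet.dll is from the thread; acrojet64.dll is a hypothetical 64-bit build.
    std::vector<Dll> dlls = {{"acrojet.dll", FakePe(kMachineX86)}, {"acrojet64.dll", FakePe(kMachineX64)}};
    for (const auto& n : DllsForLoadedDriver(true, dlls)) std::cout << "64-bit driver: " << n << "\n";
    for (const auto& n : DllsForLoadedDriver(false, dlls)) std::cout << "32-bit driver: " << n << "\n";
}
```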