System wide InjectLibrary fails with 0x1f to x86 from x64
Posted: Wed Sep 03, 2014 7:26 am
Hey,
I am trying to use InjectLibraryW() in 64bit application in order to install system-wide injection for acrord32.exe (acrobat reader), and it fails with 0x1f. InjectLibraryW() to 64bit application works.
InjectLibraryW() is being called from 64bit process (service or application with admin right).
I am running the code in windows 7 x64.
I have done the following:
1. Compiled the injected dll (called acrojet.dll).
2. Configured the driver:
3. Signed the driver (signing without timestamp).
4. In the application:
a. I first call "InitializeMadCHook();"
b.
function returns TRUE. (jector64.sys is signed and configured)
c.
function returns FALSE, GetLastError() returns 0x1f.
Any idea what am I missing???
Thanks!!!
I am trying to use InjectLibraryW() in 64bit application in order to install system-wide injection for acrord32.exe (acrobat reader), and it fails with 0x1f. InjectLibraryW() to 64bit application works.
InjectLibraryW() is being called from 64bit process (service or application with admin right).
I am running the code in windows 7 x64.
I have done the following:
1. Compiled the injected dll (called acrojet.dll).
2. Configured the driver:
Code: Select all
madConfigDrv.exe Jector86.sys JectorDriver acrojet.dll -unsafeStopAllowed
4. In the application:
a. I first call "InitializeMadCHook();"
b.
Code: Select all
LoadInjectionDriver(INJECTION_DRIVER_NAME,
(app_path + L"x86\\jector86.sys").c_str(),
(app_path + L"jector64.sys").c_str())
c.
Code: Select all
InjectLibraryW(INJECTION_DRIVER_NAME,
app_path + L"x86\\acrojet.dll",
ALL_SESSIONS,
FALSE,
L"acrord32.exe")
Any idea what am I missing???
Thanks!!!