Demos\HookProcessCreation does not work

c++ / delphi package - dll injection and api hooking

Post by Schnaddel »

Hi,

I'm trying to get the Demos\HookProcessCreation running, but I failed.

Is process hooking meant to work with self-signed certificates? If yes, how can I get the mscross.cer from my certificate?

configDrivers.bat refers to a nonexistent signtool.exe, so I use signtool.exe from the Windows SDK. But the only response is "No certificates were found that met all the given criteria." I have no idea what the 'given criteria' are...

The only way to get signtool signing my drivers is the following command line:
SignTool.exe sign /t http://timestamp.verisign.com/scripts/timestamp.dll /f My.pfx /p MyPwd DemoDriver32.sys

But with this driver the DllInjector.exe fails with "loading driver failed".

Any idea?

BR
Michael

Post by madshi »

Does the demo work when you use the files created and compiled by me? E.g. here:

http://madshi.net/HookProcessCreation.zip
http://madshi.net/HookProcessTermination.zip
http://madshi.net/PrintMonitor.zip

I've no experience with using self-cert, but I've heard that some people had trouble with that. One of the madCodeHook requirements is that you have your own code signing certificate. That's the only thing that I have experience with, and I can say that GlobalSign or Verisign certificates work fine.

Of course you can try using self-cert, but I can't really help with that. That said, madCodeHook's driver itself doesn't check the signature. As long as you make the OS happy, madCodeHook is happy, too. So this should mostly be a question of how to make the OS accept your signature. Which is not madCodeHook specific. JFWIW...
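
A quick way to see what the OS makes of the signature on a driver file, as an added example that is not part of the original posts or of madCodeHook. The file name DemoDriver32.sys is taken from the thread; the function name Get-DriverSignatureReport is hypothetical.

```powershell
# Added diagnostic (not madCodeHook code): report how Windows evaluates the
# Authenticode signature on a driver file and which certificate chain it built.
function Get-DriverSignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate

    $chainSubjects    = @()
    $signerSelfSigned = $false
    if ($signer) {
        # A self-signed certificate names itself as its own issuer.
        $signerSelfSigned = ($signer.Subject -eq $signer.Issuer)

        # Build the chain without revocation lookups so the check works offline.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($signer)
        $chainSubjects = @($chain.ChainElements |
            ForEach-Object { $_.Certificate.Subject })
    }

    [pscustomobject]@{
        File               = (Resolve-Path -LiteralPath $Path).Path
        Status             = $sig.Status          # Valid, NotSigned, UnknownError, ...
        StatusMessage      = $sig.StatusMessage
        Signer             = if ($signer) { $signer.Subject } else { $null }
        SignerIsSelfSigned = $signerSelfSigned
        Timestamped        = [bool]$sig.TimeStamperCertificate
        Chain              = $chainSubjects       # leaf first, root last
    }
}

# Get-AuthenticodeSignature applies the user-mode Authenticode policy.
# The kernel-mode driver signing policy is checked separately with:
#   signtool verify /kp /v DemoDriver32.sys
Get-DriverSignatureReport -Path .\DemoDriver32.sys | Format-List
```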

Post by Schnaddel »

Yes, they work fine.

One additional question: Where does the mscross.cer come from? This is used to sign the sys files (configDrivers.bat).
I assume this file is not your certificate provided by GlobalSign, is it?

It could be that I need to convert my self-signed certificate into such a file...

BR
Michael

Post by iconic »

It's explained here: http://help.madshi.net/mchDrvSign.htm

--Iconic