Load driver and Inject DLL using impersonate

c++ / delphi package - dll injection and api hooking


Post by elioliveira » Thu Jan 28, 2016 1:23 am

Hello guys,

What's wrong with my code? I'd like to load a driver and inject a DLL using impersonation, but it doesn't work at all.

Code:
// Needs the Windows unit (LogonUser, ImpersonateLoggedOnUser, RevertToSelf)
// and the madCodeHook unit (LoadInjectionDriver, StartInjectionDriver, InjectLibrary).
function Impersonate(const User, PW: string): Boolean;
var
  LogonType, LogonProvider: DWORD;
  strAdminUser, strAdminDomain, strAdminPassword: string;
  TokenHandle: THandle;
begin
  LogonType := LOGON32_LOGON_INTERACTIVE;
  LogonProvider := LOGON32_PROVIDER_DEFAULT;
  strAdminUser := User;
  strAdminDomain := '';
  strAdminPassword := PW;
  // Domain is passed as nil: the account name is resolved by the default lookup.
  Result := LogonUser(PChar(strAdminUser), nil,
    PChar(strAdminPassword), LogonType, LogonProvider, TokenHandle);
  if Result then
  begin
    // ImpersonateLoggedOnUser keeps its own reference to the token,
    // so the logon handle can be closed afterwards to avoid a leak.
    Result := ImpersonateLoggedOnUser(TokenHandle);
    CloseHandle(TokenHandle);
  end;
end;

if Impersonate('SVC-SA.XXD.AAA', 'B#01Va##R$#@!*&') then
begin
  LoadInjectionDriver('Myprog', 'Prog32.sys', 'Prog64.sys');
  StartInjectionDriver('Myprog');
  InjectLibrary('Myprog', 'Prog32.dll', ALL_SESSIONS, true);  // semicolon was missing here
  RevertToSelf;
end;


The user SVC-SA.XXD.AAA is a Domain Admin and is in the local Administrators group on the end user's computer.

The Impersonate function is OK, it works fine. I'm using madCodeHook 3.0.

Is it possible to do this using impersonation? There is another way to do it when the application is run by a single user, but can it be done in code using impersonation?

Thank you so much.

Eli Oliveira.
elioliveira
 
Posts: 4
Joined: Fri Jul 24, 2015 11:59 pm

Re: Load driver and Inject DLL using impersonate

Post by madshi » Thu Jan 28, 2016 8:17 am

Which of those APIs is the first one failing? LogonUser needs the SE_TCB_NAME privilege to work, does the thread/process which calls it have this privilege? Also it seems LogonUser doesn't create a "primary token", whatever that means. You may have to call DuplicateTokenEx to convert it into a primary token. But I don't really know if that's needed for ImpersonateLoggedOnUser.

Finally, I don't really know if ImpersonateLoggedOnUser really allows you to load drivers etc. It's possible that doing such things is only allowed when run inside of a service in some OSs. I don't know for sure, though.
madshi
Site Admin
 
Posts: 10268
Joined: Sun Mar 21, 2004 5:25 pm
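The reply above asks two diagnostic questions: which API fails first, and whether the calling process holds SE_TCB_NAME. The following Delphi program is an added example, not code from the thread or from madCodeHook: it checks the process token for a named privilege with PrivilegeCheck, then runs LogonUser, DuplicateTokenEx (producing the primary token madshi mentions) and ImpersonateLoggedOnUser, reporting the first failing API together with its GetLastError value. The function names ProcessHoldsPrivilege and ImpersonateDiag are assumptions of this example; only the Windows unit is used, and the madCodeHook calls are left to the caller between the successful impersonation and RevertToSelf.

```delphi
program ImpersonateDiag;
{$APPTYPE CONSOLE}
uses
  SysUtils, Windows;

// Added example (not madCodeHook code): does the current process token hold
// the named privilege, e.g. SE_TCB_NAME ('SeTcbPrivilege')?
function ProcessHoldsPrivilege(const PrivName: string): Boolean;
var
  hTok: THandle;
  PrivSet: TPrivilegeSet;
  Held: BOOL;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hTok) then
    Exit;
  try
    PrivSet.PrivilegeCount := 1;
    PrivSet.Control := PRIVILEGE_SET_ALL_NECESSARY;
    if not LookupPrivilegeValue(nil, PChar(PrivName), PrivSet.Privilege[0].Luid) then
      Exit;
    PrivSet.Privilege[0].Attributes := 0;
    if PrivilegeCheck(hTok, PrivSet, Held) then
      Result := Held;
  finally
    CloseHandle(hTok);
  end;
end;

// Added example: logon -> primary token -> impersonation, naming the first
// API that fails. On success FailedApi is '' and the thread is impersonating;
// the caller must call RevertToSelf when done.
function ImpersonateDiag(const User, Domain, PW: string;
  out FailedApi: string; out Win32Err: DWORD): Boolean;
var
  LogonTok, PrimaryTok: THandle;
  DomainPtr: PChar;
begin
  Result := False;
  FailedApi := '';
  Win32Err := 0;
  if Domain = '' then DomainPtr := nil else DomainPtr := PChar(Domain);
  if not LogonUser(PChar(User), DomainPtr, PChar(PW),
      LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, LogonTok) then
  begin
    FailedApi := 'LogonUser'; Win32Err := GetLastError; Exit;
  end;
  try
    // Convert to a primary token (TokenPrimary), as suggested in the reply.
    if not DuplicateTokenEx(LogonTok, MAXIMUM_ALLOWED, nil,
        SecurityImpersonation, TokenPrimary, PrimaryTok) then
    begin
      FailedApi := 'DuplicateTokenEx'; Win32Err := GetLastError; Exit;
    end;
    try
      if not ImpersonateLoggedOnUser(PrimaryTok) then
      begin
        FailedApi := 'ImpersonateLoggedOnUser'; Win32Err := GetLastError; Exit;
      end;
      Result := True;
    finally
      CloseHandle(PrimaryTok);  // impersonation keeps its own reference
    end;
  finally
    CloseHandle(LogonTok);
  end;
end;

var
  Api: string;
  Err: DWORD;
begin
  Writeln('SeTcbPrivilege held by this process: ', ProcessHoldsPrivilege(SE_TCB_NAME));
  // Credentials come from the command line instead of string literals.
  // Usage: ImpersonateDiag <user> <domain-or-empty> <password>
  if ParamCount < 3 then
    Exit;
  if ImpersonateDiag(ParamStr(1), ParamStr(2), ParamStr(3), Api, Err) then
  begin
    Writeln('Impersonation succeeded; madCodeHook calls would go here.');
    RevertToSelf;
  end
  else
    Writeln(Api, ' failed: ', SysErrorMessage(Err), ' (error ', Err, ')');
end.
```

The error code printed on failure is what separates the cases in the reply: a failing LogonUser points at the privilege or credential side, while a failing ImpersonateLoggedOnUser with a valid token points at the token type or the context (service versus interactive process) in which the code runs.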

