Loading Driver Failed Err193 [SOLVED: wrong madconfdrv]

c++ / delphi package - dll injection and api hooking

Loading Driver Failed Err193 [SOLVED: wrong madconfdrv]

Postby jonny_valentine » Tue Apr 12, 2016 3:54 pm

Driver installation and dll injection works on all machines, Windows 10, 64 and 32bit.
But when testing on Hyper-V, Win7,8.1 and 10.. the driver will not install and GetLastError() returns error 193, indicating Bad Image Format.
In the event logs it says "The HookProcessCreationDemoDriver failed to start".... the driver is "..not a valid win32 application"; this is on the x86 Win7 and x64 Win10, both Hyper-V.

The driver is cross signed with an EV Certificate and everything works(installs and injects) fine on x64 Win10 (real machine not virtual machine/hyperv).

Could this be a Hyper-V issue?
Any suggestions would be appreciated.

Thank you.
Last edited by jonny_valentine on Fri Apr 22, 2016 10:17 am, edited 1 time in total.
jonny_valentine
 
Posts: 108
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Re: Loading Driver Failed Error 193

Postby madshi » Tue Apr 12, 2016 4:02 pm

Does this also happen with the demo projects compiled by me? E.g. this one:

http://madshi.net/PrintMonitor.zip
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm

Re: Loading Driver Failed Error 193

Postby jonny_valentine » Wed Apr 13, 2016 1:05 pm

Yes, that works... but i notice your 32bit .sys file is exactly 4,096 bytes smaller than my .sys file... do you think this is the problem?

I used your DLL Injector project to 'install' the driver all with default names etc, which fails to install on x32.

Today we tested on physical win7 32bit sp1, again error 193 so it isnt the hyper-v. The only files in the project are: dllinjector.exe, 2x .sys and 2x .dll. Error 193 happens on the install driver.

The only difference is our .sys is 4,096 bytes larger than yours, could this be our EV cert?

It works fine on win10 x64 though... :confused:
jonny_valentine
 
Posts: 108
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Re: Loading Driver Failed Error 193

Postby madshi » Wed Apr 13, 2016 1:29 pm

Some OSs don't like SHA256 certs. But that should not affect Windows 10, so I don't really know what the problem is. Those 4096 bytes difference may be caused by your cert being "bigger", but I don't think that by itself should be a problem. But I'm far from an expert on signing.

Lately I'm asked by many customers about how to solve signing problems. Somehow it seems everybody thinks I would know how to solve such problems. But I don't know any more about it than anybody else. And this is not madCodeHook specific in any way, either. The same problem applies to any kernel mode driver. Maybe you should talk to your certificate provider about this problem?
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm

Re: Loading Driver Failed Error 193

Postby jonny_valentine » Wed Apr 13, 2016 2:37 pm

Its SHA1.

I understand, signing problems are not your problem.. I agree.
I'm not actually sure its a signing problem, but its the only reason left. I have never had problems with signing since the driver was introduced. I don't see why customers have problems unless they don't understand code signing, its quite simple.

Only this time, I can't figure out why it works fine on win10x64 and nothing else, surely it would be the other way around considering win10x64 is so protected. I'll talk with cert provider.

The only reason I posted here is because the installdriver returns error 193 which is bad module, I thought it may be something wrong with recent x86 driver you sent me since the x64 works, indicating cert is ok.

No problem, i'll update this thread when I find the solution.

Jon
jonny_valentine
 
Posts: 108
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Re: Loading Driver Failed Error 193

Postby jonny_valentine » Wed Apr 13, 2016 4:23 pm

OK, I tried without signing the .sys file to make sure it was the certificate (I removed the requirement for drivers to be signed inside the OS).. still had error 193, bad image meaning it was not the certificate at fault.. then i realised what the problem was!!!

As usual its the customers fault. I apologise for wasting your time :(

The reason was because the madconfdrv.exe file was not the most recent!

I totally didn't notice that the 'Date Modified' of the madconfdrv was for the last version of mch. Feel free to delete this thread, its useless.
jonny_valentine
 
Posts: 108
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Re: Loading Driver Failed Error 193

Postby madshi » Wed Apr 13, 2016 4:29 pm

Hmmmm... I didn't change anything dramatic, though. In any case, glad to hear you got it solved!
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 3 guests