InjectLibrary fails when injecting session/systemwide

c++ / delphi package - dll injection and api hooking

Re: InjectLibrary fails when injecting session/systemwide

Postby Davita » Thu Jul 14, 2016 1:32 pm

I get the following message: "only users with administrator privileges can run this demo".
By looking at the code, it seems that your demo also managed to load the driver successfully but failed to inject the dll.
Code:
  if not InjectLibrary(CDriverName, 'HookPrintAPIs32.dll', ALL_SESSIONS, true, 'Project1.exe') then
  begin
    // if you want your stuff to run in under-privileged user accounts, too,
    // you have to write a little service for the NT family
    // an example for that can be found in the "HookProcessTermination" demo
    MessageBox(Handle, 'only users with administrator privileges can run this demo', 'information...', MB_ICONINFORMATION);
    ExitProcess(0);
  end;

The driver is configured with my hook dlls of course with madConfigDrv.

Thanks again for your help madshi :oops:

P.S. as a last resort, I'll purchase the certificate, but https://www.globalsign.com/en/code-signing-certificate/ has 2 types, standard and Extended Validation certificates. Do you know if standard version (priced at $219) is compatible with code hook driver?
Davita
 
Posts: 161
Joined: Tue Sep 13, 2005 7:31 pm

Re: InjectLibrary fails when injecting session/systemwide

Postby madshi » Thu Jul 14, 2016 1:51 pm

If loading the driver works then injection should really work, as well.

Do you sign the hook dlls? Do you sign them before or after you configure the driver?
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Re: InjectLibrary fails when injecting session/systemwide

Postby Davita » Thu Jul 14, 2016 1:57 pm

Yep, it worked, here's the screenshot. I run your demo with my driver + dlls.
I don't sign dlls, and never did actually. The dlls that came with your demo weren't signed either, already checked that.
I sign the drivers after configuring them, that is, after running madConfigDrv...
Attachment: Untitled.gif (91.31 KiB)
Davita

Re: InjectLibrary fails when injecting session/systemwide

Postby madshi » Thu Jul 14, 2016 2:01 pm

Well, I'm out of ideas then. I don't really see why the driver can be loaded, but injection fails. Makes no sense to me... :?
madshi

Re: InjectLibrary fails when injecting session/systemwide

Postby Davita » Thu Jul 14, 2016 2:03 pm

ok madshi, thanks for trying :)
I'll purchase the certs in that case, but which one?

"P.S. as a last resort, I'll purchase the certificate, but https://www.globalsign.com/en/code-signing-certificate/ has 2 types, standard and Extended Validation certificates. Do you know if standard version (priced at $219) is compatible with code hook driver?"

Thanks again :)
Davita

Re: InjectLibrary fails when injecting session/systemwide

Postby madshi » Thu Jul 14, 2016 2:10 pm

The extended validation certificates are there for Windows 10 SecureBoot compatibility. But there's some discussion about whether they are needed at all. Microsoft is rather unclear about the exact needs. See more details in this long thread:

viewtopic.php?f=7&t=28050

Personally, I still have a "normal" non-EV certificate, and it works just fine for me. Please double check the discussion about SHA1 vs SHA256 to make sure you get the right one.
madshi

Re: InjectLibrary fails when injecting session/systemwide

Postby Davita » Thu Jul 14, 2016 2:12 pm

Thank you very much madshi, I will
Davita

Re: InjectLibrary fails when injecting session/systemwide

Postby Davita » Thu Jul 14, 2016 11:53 pm

Looks like I found a solution, maybe someone will find it useful. The trick is to use 32-bit Windows, not 64-bit. Also I tested only on Windows 7 (with Driver Signature Enforcement disabled of course) and it works. Looks like that's the ideal OS for madcodehook development :)
Davita
