Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 1:32 pm
by Davita
I get the following message: "only users with administrator privileges can run this demo".
By looking at the code, it seems that your demo also managed to load the driver successfully but failed to inject the dll.

Code:

  if not InjectLibrary(CDriverName, 'HookPrintAPIs32.dll', ALL_SESSIONS, true, 'Project1.exe') then
  begin
    // if you want your stuff to run in under-privileges user accounts, too,
    // you have to do write a little service for the NT family
    // an example for that can be found in the "HookProcessTermination" demo
    MessageBox(Handle, 'only users with administrator privileges can run this demo', 'information...', MB_ICONINFORMATION);
    ExitProcess(0);
  end;

The driver is configured with my hook dlls, of course, with madConfigDrv.

Thanks again for your help madshi :oops:

P.S. as a last resort, I'll purchase the certificate, but https://www.globalsign.com/en/code-signing-certificate/ has 2 types, standard and Extended Validation certificates. Do you know if standard version (priced at $219) is compatible with code hook driver?

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 1:51 pm
by madshi
If loading the driver works then injection should really work, as well.

Do you sign the hook dlls? Do you sign them before or after you configure the driver?

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 1:57 pm
by Davita
Yep, it worked, here's the screenshot. I run your demo with my driver + dlls.
I don't sign dlls, and never did actually. The dlls that came with your demo weren't signed either, already checked that.
I sign the drivers after configuring it, that is, after running madConfigDrv...

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 2:01 pm
by madshi
Well, I'm out of ideas then. I don't really see why the driver can be loaded, but injection fails. Makes no sense to me... :?

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 2:03 pm
by Davita
ok madshi, thanks for trying :)
I'll purchase the certs in that case, but which one?

"P.S. as a last resort, I'll purchase the certificate, but https://www.globalsign.com/en/code-signing-certificate/ has 2 types, standard and Extended Validation certificates. Do you know if standard version (priced at $219) is compatible with code hook driver?"

Thanks again :)

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 2:10 pm
by madshi
The extended validation certificates are there for Windows 10 SecureBoot compatibility. But there's some discussion about whether they are needed at all. Microsoft is rather unclear about the exact needs. See more details in this long thread:

viewtopic.php?f=7&t=28050

Personally, I still have a "normal" non-EV certificate, and it works just fine for me. Please double check the discussion about SHA1 vs SHA256 to make sure you get the right one.

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 2:12 pm
by Davita
Thank you very much madshi, I will

Re: InjectLibrary fails when injecting session/systemwide

Posted: Thu Jul 14, 2016 11:53 pm
by Davita
Looks like I found a solution, maybe someone will find it useful. The trick is to use 32-bit Windows, not 64-bit. Also I tested only on Windows 7 (with Driver Signature Enforcement disabled of course) and it works. Looks like that's the ideal OS for madcodehook development :)