i need inject dll in safe mode

c++ / delphi package - dll injection and api hooking

i need inject dll in safe mode

Postby jgh0721 » Thu Sep 08, 2016 2:46 am

i use madCodeHook 3.13

tested os ( win 7 x64 sp1 )

#. move my driver file( iMonProcMonX64.sys, digital signed ) to system32\drivers
#. installinjectiondirver call
#. reboot , but drivers does not load

also, i create registry entries hklm\system\currentcontrolset\control\safeboot\minimal, hklm\system\currentcontrolset\control\safeboot\network
also, i create registry entries hklm\system\services\iMonProcMonX64

but failed .

i didn't know how to inject dll in safe mode.
jgh0721
 
Posts: 7
Joined: Tue Apr 22, 2014 8:06 am

Re: i need inject dll in safe mode

Postby jgh0721 » Thu Sep 08, 2016 2:50 am

p.s if mch 3.x dont support inject dll in safe mode, does support inject dll in safe mode using mch 4.x?
jgh0721
 
Posts: 7
Joined: Tue Apr 22, 2014 8:06 am

Re: i need inject dll in safe mode

Postby madshi » Thu Sep 08, 2016 3:07 pm

I've not really tried this myself yet, but a while ago I got this report from a madCodeHook user:

> I finally made it work with two changes,
> 1) add the "safeboot" registry you mentioned in your email,
> 2) and an additional "Group = File System" registry value under
> "HKLM\SYSTEM\CurrentControlSet\services\drivername".
> while I still use InstallInjectionDriver.

I had told him before that he needs to use InstallInjectionDriver and that he needs to enter his driver here:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

Hope that helps?

(no difference between 3.x and 4.x for safe mode)
madshi
Site Admin
 
Posts: 9473
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 1 guest

cron