madshi kernel doesn't inject anything
I built the Win32 Release HookProcessCreationDemo. I copied DllInjector32.exe and HookProcessCreation32.dll to the target machine, and copied the drivers from the Driver_bin directory. I used Demos\HookProcessCreation\configDrivers.bat and ran DllInjector32.exe with admin privileges. The executable loaded the driver successfully and showed the main window, but the 'inject dll' button always returned the error "injection failed" (I chose HookProcessCreation32.dll as the system wide hook dll). I checked Win10 x32 x64 and Win7 x32 x64. What am I doing wrong?
Last edited by Intriguer on Wed Jun 07, 2017 7:59 am, edited 1 time in total.
Re: madshi kernel doesn't inject anything
Can somebody help me?
Re: madshi kernel doesn't inject anything
So, for now I have debugged the Demo project and library, and understood that the library cannot communicate with the driver - madCHook::DriverInject::SendDriverCommand always gets false here - result = DeviceIoControl(fh, command, buf, buf->Size, outbuf, outbufSize, &c1, NULL) != false;
I tried to install and start the driver with the sc tool, but the result is the same, so I suppose that the driver works, because the application DllInjector.exe doesn't show an error during startup, but something went wrong in the driver code. Unfortunately, I cannot build the driver from sources, because it uses a very OLD DDK and MSVC2008 (really?). Somebody's help would be very timely for me now.
Re: madshi kernel doesn't inject anything
I have already found that issue...
// This dll is not known to the driver.
// And the authenticode certificate's public key doesn't match our driver's, either.
// So we refuse to inject this DLL, just to be safe - sorry!
Re: madshi kernel doesn't inject anything
Is this problem solved? Or do you still need help?
We don't want some malware to misuse our driver to inject malware dlls, right? Because of that, the driver refuses to inject any dll which isn't "known". You can make a dll known to the driver by storing a hash of the dll in the driver file, using the "madConfigDrv" tool. Alternatively, any dll that was signed with the same code signing certificate as your driver will also be considered trustworthy.
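The trust check described in the reply above, modelled as an added example that is not part of the thread and is not madCodeHook's driver code: a DLL is accepted if its hash is stored with the driver or if it carries a valid signature from the driver's own signing key, and refused otherwise. SHA-256, the names DriverTrustConfig and injection_decision, and all sample bytes are assumptions constructed for illustration; signature verification itself is assumed to happen before this check.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DriverTrustConfig:
    known_dll_hashes: frozenset  # digests stored with the driver (hypothetical layout)
    driver_signer_key: bytes     # public key of the certificate that signed the driver


def dll_digest(dll_bytes: bytes) -> bytes:
    # Assumption: SHA-256. The thread does not name the hash algorithm.
    return hashlib.sha256(dll_bytes).digest()


def injection_decision(cfg: DriverTrustConfig, dll_bytes: bytes,
                       signer_key: Optional[bytes] = None,
                       signature_valid: bool = False) -> str:
    """Deny by default; allow only on a stored hash or a matching, verified signer."""
    digest = dll_digest(dll_bytes)
    if any(hmac.compare_digest(digest, known) for known in cfg.known_dll_hashes):
        return "allow:known-hash"
    # A matching key means nothing unless the signature over the DLL verified.
    if (signature_valid and signer_key is not None
            and hmac.compare_digest(signer_key, cfg.driver_signer_key)):
        return "allow:same-signer"
    return "deny:unknown-dll"


# Constructed sample data, not real binaries or keys.
REGISTERED_DLL = b"MZ" + b"\x00" * 62 + b"constructed hook dll v1"
REBUILT_DLL = REGISTERED_DLL + b" rebuilt"  # any rebuild changes the digest
VENDOR_KEY = b"constructed-vendor-public-key"
OTHER_KEY = b"constructed-other-public-key"
CFG = DriverTrustConfig(frozenset({dll_digest(REGISTERED_DLL)}), VENDOR_KEY)

if __name__ == "__main__":
    cases = [
        ("registered dll, unsigned", REGISTERED_DLL, None, False),
        ("rebuilt dll, unsigned", REBUILT_DLL, None, False),
        ("rebuilt dll, signed with driver key", REBUILT_DLL, VENDOR_KEY, True),
        ("rebuilt dll, signed with other key", REBUILT_DLL, OTHER_KEY, True),
    ]
    for label, dll, key, valid in cases:
        print(f"{label}: {injection_decision(CFG, dll, key, valid)}")
```

The second case is the situation from the first post: a DLL whose hash is not stored with the driver and that is not signed with the driver's key is refused.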
Re: madshi kernel doesn't inject anything
Yes, thanks.