madshi kernel doesn't inject anything

c++ / delphi package - dll injection and api hooking

Post by Intriguer » Tue Jun 06, 2017 8:24 am

I built the Win32 Release HookProcessCreationDemo. I copied DllInjector32.exe and HookProcessCreation32.dll to the target machine and copied the drivers from the Driver_bin directory. I used Demos\HookProcessCreation\configDrivers.bat and ran DllInjector32.exe with admin privileges. The executable loaded the driver successfully and showed the main window, but the 'inject dll' button always returned the error "injection failed" (I chose HookProcessCreation32.dll as the system wide hook dll). I checked Win10 x32 x64 and Win7 x32 x64. What am I doing wrong?
Last edited by Intriguer on Wed Jun 07, 2017 7:59 am, edited 1 time in total.
Intriguer
 
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer » Tue Jun 06, 2017 12:09 pm

Can somebody help me?
Intriguer
 
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer » Wed Jun 07, 2017 7:51 am

So, for now I have debugged the Demo project and the library, and understood that the library cannot communicate with the driver - madCHook::DriverInject::SendDriverCommand always gets false here - result = DeviceIoControl(fh, command, buf, buf->Size, outbuf, outbufSize, &c1, NULL) != false;
I tried to install and start the driver with the sc tool, but the result is the same, so I suppose that the driver works, because the application DllInjector.exe doesn't show an error during startup, but something went wrong in the driver code. Unfortunately, I cannot build the driver from sources, because it uses a very OLD DDK and MSVC2008 (really?). Somebody's help would be very timely for me now.
Intriguer
 
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer » Wed Jun 07, 2017 11:53 am

I have already found the issue...
// This dll is not known to the driver.
// And the authenticode certificate's public key doesn't match our driver's, either.
// So we refuse to inject this DLL, just to be safe - sorry!
Intriguer
 
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by madshi » Wed Jun 14, 2017 8:48 am

Is this problem solved? Or do you still need help?

We don't want some malware to misuse our driver to inject malware dlls, right? Because of that, the driver refuses to inject any dll which isn't "known". You can make a dll known to the driver by storing a hash of the dll into the driver file, using the "madConfigDrv" tool. Alternatively, any dll that was signed with the same code signing certificate as your driver will also be considered trustworthy.
madshi
Site Admin
 
Posts: 9410
Joined: Sun Mar 21, 2004 5:25 pm
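
A pre-flight check for the certificate route described in the reply above, as an added example that is not part of the thread or of madCodeHook: it compares the Authenticode signer public key of the hook DLL with that of the driver before an injection is attempted. The driver file name is a placeholder, and the driver's own comparison may differ in detail from this approximation.

```powershell
# Added example, not madCodeHook code. File names are placeholders for your own build output.
param(
    [string]$DriverPath = '.\YourDriver.sys',            # hypothetical driver file name
    [string]$DllPath    = '.\HookProcessCreation32.dll'  # hook DLL named in the thread
)

function Get-SignerInfo {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate          # $null when the file carries no signature
    [pscustomobject]@{
        Path       = (Resolve-Path -LiteralPath $Path).Path
        Status     = $sig.Status
        Subject    = if ($cert) { $cert.Subject } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        PublicKey  = if ($cert) { $cert.GetPublicKeyString() } else { $null }
    }
}

$driver = Get-SignerInfo -Path $DriverPath
$dll    = Get-SignerInfo -Path $DllPath
$driver, $dll | Format-List Path, Status, Subject, Thumbprint | Out-Host

if (-not $driver.PublicKey) {
    Write-Warning 'Driver has no Authenticode signer; nothing to compare against.'
} elseif (-not $dll.PublicKey) {
    # An unsigned DLL can only become "known" through the hash route (madConfigDrv).
    Write-Warning 'DLL is unsigned, so the certificate route cannot apply.'
} elseif ($dll.PublicKey -ne $driver.PublicKey) {
    Write-Warning 'DLL and driver are signed with different keys.'
} else {
    Write-Output 'DLL and driver signer public keys match.'
    # A matching key with a non-Valid status usually points at a modified or re-built file.
    if ($dll.Status -ne 'Valid') { Write-Warning "DLL signature status is $($dll.Status)." }
}
```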

Re: madshi kernel doesn't inject anything

Post by Intriguer » Wed Jun 14, 2017 2:38 pm

Yes, thanks.
Intriguer
 
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

