
madshi kernel doesn't inject anything

PostPosted: Tue Jun 06, 2017 8:24 am
by Intriguer
I built the Win32 Release HookProcessCreationDemo. Copied DllInjector32.exe and HookProcessCreation32.dll to the target machine. Copied the drivers from the Driver_bin directory. Used Demos\HookProcessCreation\configDrivers.bat and ran DllInjector32.exe with admin privileges. The executable loaded the driver successfully and showed the main window, but the 'inject dll' button always returned the error "injection failed" (I chose HookProcessCreation32.dll as the system-wide hook dll). I checked Win10 x32 x64 and Win7 x32 x64. What am I doing wrong?

Re: madshi kernel doesn't inject anything

PostPosted: Tue Jun 06, 2017 12:09 pm
by Intriguer
Can somebody help me?

Re: madshi kernel doesn't inject anything

PostPosted: Wed Jun 07, 2017 7:51 am
by Intriguer
So, for now I debugged the Demo project and the library, and understood that the library cannot communicate with the driver: madCHook::DriverInject::SendDriverCommand always gets false here - result = DeviceIoControl(fh, command, buf, buf->Size, outbuf, outbufSize, &c1, NULL) != false;
I tried to install and start the driver with the sc tool, but the result is the same, so I suppose that the driver works, because the application DllInjector.exe doesn't show an error during startup, but something went wrong in the driver code. Unfortunately, I cannot build the driver from sources, because it uses a very OLD DDK and MSVC2008 (really?). Now somebody's help would be very timely for me.

Re: madshi kernel doesn't inject anything

PostPosted: Wed Jun 07, 2017 11:53 am
by Intriguer
Already found that issue...
// This dll is not known to the driver.
// And the authenticode certificate's public key doesn't match our driver's, either.
// So we refuse to inject this DLL, just to be safe - sorry!

Re: madshi kernel doesn't inject anything

PostPosted: Wed Jun 14, 2017 8:48 am
by madshi
Is this problem solved? Or do you still need help?

We don't want some malware to misuse our driver to inject malware dlls, right? Because of that, the driver refuses to inject any dll which isn't "known". You can make a dll known to the driver either by storing a hash of the dll into the driver file, using the "madConfigDrv" tool, or alternatively, any dll that was signed with the same code signing certificate as your driver will also be considered trustworthy.

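The trust rule madshi describes above, modelled as an added example (this is not madCodeHook's driver code, and the real driver's hash algorithm, on-disk allowlist format and signature parsing are not given in this thread, so SHA-256, the `known_hashes` set and the raw `signer_pubkey` bytes are assumptions). It shows why a freshly built, unsigned HookProcessCreation32.dll is refused, why registering its hash (what madConfigDrv does) or signing it with the driver's own key is accepted, and why a single-byte change to a registered DLL invalidates the hash:

```python
import hashlib
from typing import FrozenSet, Iterable, Optional, Tuple

# Hypothetical model of the policy: a DLL may be injected only if
#   (a) its hash is in the allowlist stored in the driver file, or
#   (b) it carries an Authenticode signature whose public key equals
#       the key the driver itself was signed with.
# Anything else is refused, which is the "injection failed" the thread hit.

def dll_hash(dll_image: bytes) -> str:
    """Hash of the whole DLL image (SHA-256 assumed; the real algorithm is not stated)."""
    return hashlib.sha256(dll_image).hexdigest()

def build_known_hashes(trusted_images: Iterable[bytes]) -> FrozenSet[str]:
    """Models what madConfigDrv does: record hashes of trusted DLLs into the driver."""
    return frozenset(dll_hash(img) for img in trusted_images)

def is_injection_allowed(dll_image: bytes,
                         signer_pubkey: Optional[bytes],
                         known_hashes: FrozenSet[str],
                         driver_pubkey: bytes) -> Tuple[bool, str]:
    """Decide whether the driver would inject this DLL, with the reason."""
    if dll_hash(dll_image) in known_hashes:
        return True, "hash known to driver"
    # Unsigned DLL: no key to compare, so only the hash path could have saved it.
    if signer_pubkey is not None and signer_pubkey == driver_pubkey:
        return True, "signed with the driver's code signing key"
    return False, ("injection failed: dll not known to the driver and "
                   "signer key does not match the driver's")

# --- constructed sample data (stand-ins, not real binaries or keys) ---
DRIVER_PUBKEY = b"constructed-driver-signing-key"
OTHER_PUBKEY = b"constructed-unrelated-signing-key"
DEMO_DLL = b"MZ...HookProcessCreation32.dll (constructed image bytes)"
VENDOR_DLL = b"MZ...vendor-shipped hook dll (constructed image bytes)"

def scenario() -> dict:
    """Walk through the situations from the thread; returns each verdict."""
    # Driver as shipped: only the vendor's own DLL is in the allowlist.
    shipped = build_known_hashes([VENDOR_DLL])
    results = {}
    # 1. Self-built, unsigned DLL, hash not registered -> refused.
    results["unsigned_unknown"] = is_injection_allowed(DEMO_DLL, None, shipped, DRIVER_PUBKEY)
    # 2. Same DLL after madConfigDrv-style registration -> allowed.
    registered = build_known_hashes([VENDOR_DLL, DEMO_DLL])
    results["registered"] = is_injection_allowed(DEMO_DLL, None, registered, DRIVER_PUBKEY)
    # 3. Registered DLL modified by one byte -> hash no longer matches -> refused.
    tampered = DEMO_DLL[:-1] + b"!"
    results["tampered"] = is_injection_allowed(tampered, None, registered, DRIVER_PUBKEY)
    # 4. Unregistered DLL signed with the driver's key -> allowed.
    results["same_signer"] = is_injection_allowed(DEMO_DLL, DRIVER_PUBKEY, shipped, DRIVER_PUBKEY)
    # 5. Unregistered DLL signed with some other key -> refused.
    results["other_signer"] = is_injection_allowed(DEMO_DLL, OTHER_PUBKEY, shipped, DRIVER_PUBKEY)
    return results

if __name__ == "__main__":
    for name, (ok, why) in scenario().items():
        print(f"{name:16} -> {'ALLOW' if ok else 'REFUSE'}: {why}")
```

The model deliberately makes the hash cover the whole image, so a rebuild with different compiler flags or a patched byte produces a new hash that must be registered again; the signing path avoids that churn, which is why a signed driver plus a DLL signed with the same certificate is the more practical setup for a project that rebuilds its hook DLL often.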
Re: madshi kernel doesn't inject anything

PostPosted: Wed Jun 14, 2017 2:38 pm
by Intriguer
Yes, thanks.