[Request] DLL Injection Approval Callback

c++ / delphi package - dll injection and api hooking

[Request] DLL Injection Approval Callback

Postby jgh0721 » Thu Oct 25, 2018 4:54 am

Hello, I use madcodehook 4.1.0

currently, my proudct is...

Product Service(EXE, x86) ------(call)--------> Injector-x86, injector-x64 ------(inject)---------> target process ( x86, x64 )

btw, DLL Injection approval callback feature's function called to injector not service exe.

so, I want to set approval callback on service to madshi driver.

Request Feature.
- Start Injection, Stop Injection on product service, seprately with injector
- register / unregister dll approval callback on product service, seprately with injector

sorry my english,... :-(
jgh0721
 
Posts: 12
Joined: Tue Apr 22, 2014 8:06 am

Re: [Request] DLL Injection Approval Callback

Postby iconic » Thu Oct 25, 2018 7:40 am

You should be able to use SendIpcMessage() with the "answer" parameter filled from the DLL injector inside your DLL injection approval callback. Your service just has to call CreateIpcQueue() and will host the IPC channel for approval from the injector. Haven't personally used the approval callback yet myself but it should allow you to work this way from what I've discerned from the documentation? Basically, the child process (injector) just asks the parent (service) if a DLL load is allowed, like any other IPC operation example in existence which allows for a returned response. Any control commands can be sent to the service, you just need to include them in the IPC callback within the service and have your injector contact the service process.

http://help.madshi.net/DllInjecting.htm ... ackRoutine

--Iconic
iconic
 
Posts: 846
Joined: Wed Jun 08, 2005 5:08 am

Re: [Request] DLL Injection Approval Callback

Postby jgh0721 » Fri Oct 26, 2018 5:11 am

If so, always three processes staying on pc. service, injector-x86, injector-x64...

so, i want to change work flow.

before:

service ---------> injector ( immediately injection )

after:

service --------> injector ( load driver, set injection info, not start injection )
service -> set dll approval callback
service -> start injection
service <--- driver approval callback
jgh0721
 
Posts: 12
Joined: Tue Apr 22, 2014 8:06 am

Re: [Request] DLL Injection Approval Callback

Postby madshi » Tue Nov 13, 2018 6:16 pm

Sorry for the late reply.

Hmmmm... Doing this with IPC would be possible, but I can't really recommend it, because Microsoft already strongly advises against letting driver land wait on a user land callback. So the whole concept of "DLL injection approval callback" is already against the rules to some extent. Now involving even 2 different user processes, which wait on each other, to delay the driver, doesn't sound like a good concept. We should try our best to keep the overhead of the approval callback as small as possible.

@jgh0721, why does your service not do the injection itself? Why do you start a secondary injector tool?
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 7 guests