i use mch 4.2.1
We're making this request for the following reasons
First of all, we have already created and are using a driver to notify process launch/termination and we cannot remove this driver. Secondly, only certain processes need to be injected. Therefore, when we called the InjectLibrary function and performed it in user mode, some processes were not injected successfully. The Win32 Error Code is 1657, 1655. Of course, both DLL and SYS have EV code signing. To avoid these errors, I searched the forum and found that injection via driver is required. However, since you can't specify a PID in the current IncludeMask, there is a chance that an unwanted process will be specified, and this is essentially an API that targets multiple processes.
Therefore, I am requesting a function that allows me to inject with a driver into a specific process on a one-time basis.
[request] inject dll on specified process(pid) by driver
Re: [request] inject dll on specified process(pid) by driver
The driver actually isn't able to inject into already running processes. It doesn't have the code for that. The madCodeHook injection driver only injects into newly created processes. Injecting into already running processes is the job of the user mode library.
Are you doing the user mode injection from within a service? If not, that's what you should do. Here's a demo that shows how:
http://madshi.net/HookProcessTermination.zip
Are you doing the user mode injection from within a service? If not, that's what you should do. Here's a demo that shows how:
http://madshi.net/HookProcessTermination.zip