Administrator rights

c++ / delphi package - dll injection and api hooking
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Administrator rights

Post by LeVuHoang »

Hello madshi, I've read all the topics but haven't found anything about this problem.
Does madCodeHook work well if it is run in a user account?
My program works very well in an Administrator account, but can't run in a user account.
Even the Appsniff of zamolx32 : viewtopic.php?t=90&postdays=0&postorder=asc&start=60
is too.

How can I solve this problem ??

Thank you madshi :)
LibX
Posts: 5
Joined: Sat Jan 08, 2005 6:49 pm

Post by LibX »

Check the readme, you need admin rights to inject DLLs ;)
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

LibX is right, you need admin rights and the documentation says so. If you need your non-admin users to be able to use your program, too, you need to write a service. Check out the "HookProcessTermination" demo. When the service is installed, the demo works from a non-admin user account, too.
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Post by LeVuHoang »

I think so too :D
Thanks madshi, I'll try ;)
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Post by LeVuHoang »

InjectService only works when it has the admin rights to create a new service. Is there any other way to execute an API hook while a user runs that program?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

The service must be installed by an admin, no way around that.
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Post by LeVuHoang »

If I have a user account on my friend's computer and I wish to run my anti-keylogger using API hooking, how can I do that?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

If you have no admin rights, you can't use InjectLibrary. You can either ask your friend to install the injection service for you. Or you can try to find an alternative solution to InjectLibrary. E.g. you could misuse SetWindowsHookEx for injection. That will inject your dll into all GUI processes of the current user. It will not inject your dll into non-GUI processes and it will also not work for system processes and services and for processes of other users.
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Post by LeVuHoang »

hi madshi,
The situation is:
One day, I go to an Internet cafe and use a public computer with a user account. I wish to check whether this computer is infected by a keylogger.
If my program can't use an API hook, how can I detect which programs are using the SetWindowsHookEx API?

Here is an example of a program:
http://www.antispy.biz/downloads/inst_antispy.exe

Personal Anti Keylogger works well even when running in user mode. That program does not create any service either.
Its scan result lists the programs which are using a keyboard hook.
What can I do if I don't use an API hook?

Thank you madshi.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

If you just want to check whether some processes use keyboard logging maybe using SetWindowsHookEx(WH_DEBUG) helps?

Anyway, InjectLibrary needs admin rights and there's no way around it.
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Post by LeVuHoang »

I will try SetWindowsHookEx(WH_DEBUG).
Thank you madshi :)
Shenck
Posts: 15
Joined: Tue Apr 19, 2005 2:59 pm

Post by Shenck »

madshi wrote: "If you just want to check whether some processes use keyboard logging maybe using SetWindowsHookEx(WH_DEBUG) helps?

Anyway, InjectLibrary needs admin rights and there's no way around it."

lParam of the hook debug procedure contains a pointer to a DEBUGHOOKINFO structure, and in NT/2000/XP the DebugHookInfo.idThreadInstaller is always zero. :( The other members of DebugHookInfo are OK.

Is it possible to use the madCollection to solve this bug?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Don't know. Probably you can hook SetWindowsHookEx instead of using SetWindowsHookEx(DEBUG). But that only works with admin rights and your hook needs to be installed before someone calls SetWindowsHookEx.