Hooking in safe mode?

c++ / delphi package - dll injection and api hooking
Post Reply
softtouch
Posts: 111
Joined: Sat Jun 20, 2009 10:08 am
Contact:
Contact softtouch

Hooking in safe mode?

Post by softtouch »

Is there a way to ensure the dll get injected when the pc boot into safe mode?

Will it work when:
1. Installing a service, which inject the dll
2. Adding that service to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

Or is there another way?
Top
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

To be honest, I've no idea. I've never even checked how safe mode behaves. My personal opinion is that the user expects more or less all complicated software to be disabled in safe mode, so that there's no danger of crashes or anything. So my thinking always was that hooking shouldn't really be used in safe mode. But that's just me, of course...
Top
aiwnjoo
Posts: 52
Joined: Tue Mar 06, 2007 1:06 pm

Post by aiwnjoo »

From what i know safe mode will only load system services/drivers on a minimal level. Your hook will therefore fail unless each user will modify their safe mode boot settings, or if you can somehow modify a loaded service to spawn your hook which unfortunately there is not much public information and would involve directly patching a specific service or require the users to install the custom service.

Of what would you need this for and i can see if i can brainstorm any ideas.
Top
Post Reply

Return to “madCodeHook”