Here I am summarizing the scenario.
I am trying to inject a simple DLL into Internet Explorer. The VM is Windows Server 2003 Standard Edition Service Pack 2 and I am trying through RDP. The target application (Internet Explorer) is running in the RDP session.
It gets injected successfully by an EXE running in the same session, but the injection fails if the DLL is injected by a service-mode EXE. Here the injector service is installed and running in the main session (not RDP) and the target application (Internet Explorer) is running in the RDP session.
(1) Started VM, logged in directly (no RDP), user "Administrator", with full admin rights and member of "remote desktop users" group.
(2) Started Internet Explorer.
(3) Started Process Explorer to watch the dlls loaded in the Internet Explorer.
(4) Started mstsc, connected to VM via RDP, logged in as "Administrator" another time.
(5) In RDP session: Installed a little service, which does nothing but InjectLibrary(InternetExplorerProcessHandle, empty.dll) in its service proc.
(6) In original session: Checked Process Explorer to see if injection succeeded.
Everything works fine here. The empty dll is injected into the Internet Explorer of the original VM session (no RDP) successfully, by the service installed in the RDP session.
If you want me to find out what is going on, I need to be able to reproduce the problem. If I can't reproduce it, there's nothing I can do. Maybe you want to try giving me an exact and very detailed step-by-step guide to reproduce the problem. I can't read your mind as to what exact steps you're taking to reproduce the problem, and based on the limited amount of information I have, I'm not able to reproduce the problem.
What you are doing is exactly the opposite: running the service in the remote session and the target process in the main session.
In the description below I will use the term “main session” for the VM without RDP, and the term “remote session” for the RDP session opened with mstsc to the VM.
Below is a step-by-step description of what we are doing.
- Started VM, logged in directly on main session (no RDP), user "Administrator", with full admin rights and member of "remote desktop users" group.
- Started Internet Explorer 8 (IE) on main session.
- Added the PID of the IE process manually in your given code. Service is installed and run on main session. The service has the InjectLibrary function.
- It works fine.
- Closed Internet Explorer from main session.
- Now stopped the service from main session.
- Now took an RDP connection to the VM. At this time the actual VM is also running, not locked, so RDP gives a new session on the 2003 server. We call this new RDP session the remote session.
- Then started IE in the remote session. Noted down the PID of IE.
- Now in the main session added the PID of the IE process (running in the remote session) to your given service code (and compiled). Installed and ran the service in the main session (no RDP).
- It is not working.
So whenever I try to inject a library into a process running in the remote session from a process (service mode) running in the main session, it is not able to inject.
Did you find a solution for this issue? I'm experiencing the same problem. I have a service running under the SYSTEM account that sometimes injects a DLL into processes running under different accounts. Injection works OK for processes running under a different session if the user is NOT logged in through RDP, but it fails if the (same) user is logged in through RDP.
I've just tried to reproduce the problem again, according to the latest info, but still can't.
(1) Started clean Windows 2003 Server SP2 VM, logged in directly (no RDP), user "Administrator", with full admin rights and member of "remote desktop users" group.
(2) Started mstsc, connected to VM via RDP, logged in as "Administrator" another time.
(3) In RDP session: Started Internet Explorer.
(4) In main session: Installed a little service, which does nothing but InjectLibrary(InternetExplorerProcessHandle, empty.dll) in its service proc.
(5) In main session: Started Process Explorer to see if injection succeeded.
Injection works just fine here. Here's the exact project I've been testing with:
I can't download your code because the link seems to be broken and produces a 404 Not Found error.
Could you please fix it so we can test it in our environments?
madshi wrote: In main session: Installed a little service, which does nothing but InjectLibrary(InternetExplorerProcessHandle, empty.dll) in its service proc.
Is the service running under the 'Administrator' account or under the 'SYSTEM' account? In my case, it's the second one and that's the scenario where the error happens.
To reproduce it, I don't even need to register a service. I created a simple executable that injects a DLL into a running process, passing the DLL path and the process ID as parameters, and ran it under the SYSTEM account using the Microsoft PsExec utility from Sysinternals:
c:\PSTools\PsExec.exe -s c:\PSTools\inject_dll.exe c:\PSTools\empty_dll.dll <pid>
inject_dll.exe simply opens the specified process and injects the DLL passed as a parameter through a call to InjectLibrary.
empty_dll.dll is an empty DLL that only returns TRUE from its DllMain routine.
I hope this helps.
Thank you so much madshi.
madshi wrote: Sorry, uploaded the file to the wrong folder. The link should work now.
Your example works OK for me. Also, I'm able to inject your empty.dll into an RDP process from the SYSTEM account using my injection executable, so the problem seems to be in my DLL. I need to investigate further...
Thank you very much.
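A small PowerShell check, added here as an example and not part of any post in this thread or of madshi's project, that does from the command line what the posts above do by hand: it reports the account and session ID of the injecting side, the session ID of the target PID, whether the DLL already appears in the target's module list (the same check the thread makes with Process Explorer), and, when run with -Inject, executes the PsExec -s line from the post above and re-checks. The C:\PSTools paths are the ones quoted in that post; the argument order for inject_dll.exe (DLL path, then PID) is assumed from that same command line.

```powershell
# Added example (not from the thread): record which session and account the
# injector runs in versus the target, and verify the DLL load from the module list.
param(
    [Parameter(Mandatory = $true)][int]$TargetPid,
    [string]$DllPath  = 'c:\PSTools\empty_dll.dll',  # paths as quoted in the PsExec post
    [string]$PsExec   = 'c:\PSTools\PsExec.exe',
    [string]$Injector = 'c:\PSTools\inject_dll.exe', # assumed args: <dll path> <pid>
    [switch]$Inject                                  # without this switch the script only reports
)

$ErrorActionPreference = 'Stop'
$dllName = [System.IO.Path]::GetFileName($DllPath)

# Account and session of the side doing the injection. On Windows Server 2003 the
# console logon shares session 0 with services; each RDP logon gets its own session ID.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$mySession = (Get-Process -Id $PID).SessionId

# Session of the target process (the IE instance whose PID the thread notes down).
$target = Get-Process -Id $TargetPid
Write-Host ("injector: {0} in session {1}" -f $me, $mySession)
Write-Host ("target:   {0} (pid {1}) in session {2}" -f $target.ProcessName, $target.Id, $target.SessionId)
if ($mySession -ne $target.SessionId) {
    Write-Host "cross-session case: the target is not in the injector's session"
}

function Test-ModuleLoaded([int]$ProcId, [string]$Name) {
    # Same question Process Explorer answers: is the DLL in the process's module list?
    $mods = (Get-Process -Id $ProcId).Modules | Where-Object { $_.ModuleName -ieq $Name }
    return [bool]$mods
}

Write-Host ("{0} loaded before: {1}" -f $dllName, (Test-ModuleLoaded $TargetPid $dllName))

if ($Inject) {
    # The exact command from the post: run the injector as SYSTEM through PsExec -s.
    & $PsExec -s $Injector $DllPath $TargetPid
    Write-Host ("PsExec/injector exit code: {0}" -f $LASTEXITCODE)
    Start-Sleep -Seconds 2
    Write-Host ("{0} loaded after:  {1}" -f $dllName, (Test-ModuleLoaded $TargetPid $dllName))
}
```

Run it once from the console session and once from the RDP session against the same target PID; the two reports make the session pairing explicit, so a "works / does not work" result can be tied to the exact account and session combination rather than described in prose.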
Tried the exact same thing with a bigger DLL (~500k) that hooks some GDI APIs and it worked as well.
But with a more complex DLL (~12MB), where I hook multiple Windows API functions and program-specific code, it did not solve the problem.
I'll let you know if I find a solution.