InjectLibrary fails when injecting session/systemwide

c++ / delphi package - dll injection and api hooking
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by Davita »

I get the following message: "only users with administrator privileges can run this demo".
By looking at the code, it seems that your demo also managed to load the driver successfully but failed to inject the dll.

Code: Select all

  if not InjectLibrary(CDriverName, 'HookPrintAPIs32.dll', ALL_SESSIONS, true, 'Project1.exe') then
  begin
    // if you want your stuff to run in under-privileges user accounts, too,
    // you have to do write a little service for the NT family
    // an example for that can be found in the "HookProcessTermination" demo
    MessageBox(Handle, 'only users with administrator privileges can run this demo', 'information...', MB_ICONINFORMATION);
    ExitProcess(0);
  end;
The driver is configured with my hook dll's of course with madConfigDrv.

Thanks again for your help madshi :oops:

P.S. as a last resort, I'll purchase the certificate, but https://www.globalsign.com/en/code-signing-certificate/ has 2 types, standard and Extended Validation certificates. Do you know if standard version (priced at $219) is compatible with code hook driver?
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by madshi »

If loading the driver works then injection should really work, as well.

Do you sign the hook dlls? Do you sign them before or after you configure the driver?
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by Davita »

Yep, it worked, here's the screenshot. I run your demo with my driver + dlls.
I don't sign dlls, and never did actually. The dlls that came with your demo wasn't signed as well, already checked that.
I sign the drivers after configuring it, that is, after running madConfigDrv...
Attachments
Untitled.gif
Untitled.gif (90.98 KiB) Viewed 6804 times
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by madshi »

Well, I'm out of ideas then. I don't really see why the driver can be loaded, but injection fails. Makes no sense to me... :?
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by Davita »

ok madshi, thanks for trying :)
I'll purchase the certs in that case, but which one?

"P.S. as a last resort, I'll purchase the certificate, but https://www.globalsign.com/en/code-signing-certificate/ has 2 types, standard and Extended Validation certificates. Do you know if standard version (priced at $219) is compatible with code hook driver?"

Thanks again :)
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by madshi »

The extended validation certificates are there for Windows 10 SecureBoot compatability. But there's some discussion about whether they are needed at all. Microsoft is rather unclear about the exact needs. See more details in this long thread:

viewtopic.php?f=7&t=28050

Personally, I still have a "normal" non-EV certificate, and it works just fine for me. Please double check the discussion about SHA1 vs SHA256 to make sure you get the right one.
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by Davita »

Thank you very much madshi, I will
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: InjectLibrary fails when injecting session/systemwide

Post by Davita »

Looks like I found a solution, maybe someone will find it useful. The trick is to use 32 bit windows, not 64 bit. Also I tested only on Windows 7 (with Driver Signature Enforecement disabled of course) and it works. Looks like that's the ideal OS for madcodehook development :)
Post Reply