i need inject dll in safe mode

c++ / delphi package - dll injection and api hooking
Post Reply
jgh0721
Posts: 28
Joined: Tue Apr 22, 2014 8:06 am

i need inject dll in safe mode

Post by jgh0721 »

i use madCodeHook 3.13

tested os ( win 7 x64 sp1 )

#. move my driver file( iMonProcMonX64.sys, digital signed ) to system32\drivers
#. installinjectiondirver call
#. reboot , but drivers does not load

also, i create registry entries hklm\system\currentcontrolset\control\safeboot\minimal, hklm\system\currentcontrolset\control\safeboot\network
also, i create registry entries hklm\system\services\iMonProcMonX64

but failed .

i didn't know how to inject dll in safe mode.
jgh0721
Posts: 28
Joined: Tue Apr 22, 2014 8:06 am

Re: i need inject dll in safe mode

Post by jgh0721 »

p.s if mch 3.x dont support inject dll in safe mode, does support inject dll in safe mode using mch 4.x?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: i need inject dll in safe mode

Post by madshi »

I've not really tried this myself yet, but a while ago I got this report from a madCodeHook user:

> I finally made it work with two changes,
> 1) add the "safeboot" registry you mentioned in your email,
> 2) and an additional "Group = File System" registry value under
> "HKLM\SYSTEM\CurrentControlSet\services\drivername".
> while I still use InstallInjectionDriver.

I had told him before that he needs to use InstallInjectionDriver and that he needs to enter his driver here:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

Hope that helps?

(no difference between 3.x and 4.x for safe mode)
Post Reply