madshi kernel doesn't inject anything

Intriguer
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

madshi kernel doesn't inject anything

Post by Intriguer »

I built the Win32 Release HookProcessCreationDemo. I copied DllInjector32.exe and HookProcessCreation32.dll to the target machine, and copied the drivers from the Driver_bin directory. I used Demos\HookProcessCreation\configDrivers.bat and ran DllInjector32.exe with admin privileges. The executable loaded the driver successfully and showed the main window, but the 'inject dll' button always returned the error "injection failed" (I chose HookProcessCreation32.dll as the system wide hook dll). I checked Win10 x32 x64 and Win7 x32 x64. What am I doing wrong?
Last edited by Intriguer on Wed Jun 07, 2017 7:59 am, edited 1 time in total.
Intriguer
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer »

Can somebody help me?
Intriguer
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer »

So, for now I have debugged the Demo project and library, and understood that the library cannot communicate with the driver - madCHook::DriverInject::SendDriverCommand always gets false here - result = DeviceIoControl(fh, command, buf, buf->Size, outbuf, outbufSize, &c1, NULL) != false;
I tried to install and start the driver with the sc tool, but the result is the same, so I suppose that the driver works, because the application DllInjector.exe doesn't show an error during startup, but something went wrong in the driver code. Unfortunately, I cannot build the driver from sources, because it uses a very OLD DDK and MSVC2008 (really?). Somebody's help would be very timely for me now.
Intriguer
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer »

I have already found the issue...
// This dll is not known to the driver.
// And the authenticode certificate's public key doesn't match our driver's, either.
// So we refuse to inject this DLL, just to be safe - sorry!
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: madshi kernel doesn't inject anything

Post by madshi »

Is this problem solved? Or do you still need help?

We don't want some malware to misuse our driver to inject malware dlls, right? Because of that, the driver refuses to inject any dll which isn't "known". You can make a dll known to the driver by storing a hash of the dll into the driver file, using the "madConfigDrv" tool. Alternatively, any dll that was signed with the same code signing certificate as your driver will also be considered trustworthy.
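
A way to check the certificate trust path described in the post above before retrying, as an added example that is not part of the original thread or of madCodeHook. It assumes both files carry an embedded Authenticode signature; `DriverPath` and `DllPath` are placeholder parameters, and `Get-SignerInfo` and `Test-SameSigner` are hypothetical helper names.

```powershell
# Added example: compares the Authenticode signer public key of a driver and a hook DLL.
# Placeholder parameters; the driver file name is not given in the thread.
param(
    [Parameter(Mandatory)] [string] $DriverPath,   # your signed driver (.sys)
    [Parameter(Mandatory)] [string] $DllPath       # e.g. HookProcessCreation32.dll
)

function Get-SignerInfo([string] $Path) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path      = $Path
        Status    = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Subject   = if ($cert) { $cert.Subject } else { $null }
        PublicKey = if ($cert) { $cert.GetPublicKeyString() } else { $null }
    }
}

function Test-SameSigner($Driver, $Dll) {
    foreach ($f in $Driver, $Dll) {
        # No signer certificate: nothing to compare.
        if (-not $f.PublicKey) { return $false }
        # HashMismatch: the file changed after signing, so its signature proves nothing.
        if ($f.Status -eq 'HashMismatch') { return $false }
    }
    # The driver's source comment speaks of the certificate's public key,
    # so compare keys rather than subject names.
    return $Driver.PublicKey -eq $Dll.PublicKey
}

$driver = Get-SignerInfo $DriverPath
$dll    = Get-SignerInfo $DllPath
$driver, $dll | Format-List Path, Status, Subject

if (Test-SameSigner $driver $dll) {
    'Signer public keys match: the same-certificate path described above should apply.'
} else {
    'Signer missing or different: store the DLL hash with madConfigDrv or sign the DLL with the driver certificate.'
}
```

A freshly built demo DLL is normally unsigned, so it reports `NotSigned` here and has to be made known to the driver by one of the two routes in the post.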
Intriguer
Posts: 5
Joined: Tue Jun 06, 2017 8:15 am

Re: madshi kernel doesn't inject anything

Post by Intriguer »

Yes, thanks.