Cannot inject dll due to signing issue #14
Description
I've encounter in image validation error while trying to inject dll from slightly different version of injdrv where the injection timing is on creation of new thread (so that processes that existed before the driver is loaded could be injected as well - assuming new alertable threads will be created on them).
Anyhow, it seems that although the dll is signed, it fails on signing issue (perhaps mismatch between processes executable file and dll signatures)
here's the stack trace from the context of the injected processes after initial injected code tried to call ldrloaddll
[0x0] CI!CipReportAndReprieveUMCIFailure + 0x563
[0x1] CI!CiValidateImageHeader + 0xbdb
[0x2] nt!SeValidateImageHeader + 0xd6
[0x3] nt!MiValidateSectionCreate + 0x436
[0x4] nt!MiValidateSectionSigningPolicy + 0xa6
[0x5] nt!MiValidateExistingImage + 0x12e
[0x6] nt!MiShareExistingControlArea + 0xc2
[0x7] nt!MiCreateImageOrDataSection + 0x1a3
[0x8] nt!MiCreateSection + 0xf4
[0x9] nt!MiCreateSectionCommon + 0x1ff
[0xa] nt!NtCreateSection + 0x60
[0xb] nt!KiSystemServiceCopyEnd + 0x25
[0xc] ntdll!NtCreateSection + 0x14
[0xd] ntdll!LdrpMapDllNtFileName + 0x136
[0xe] ntdll!LdrpMapDllFullPath + 0xe0
[0xf] ntdll!LdrpProcessWork + 0x74
[0x10] ntdll!LdrpLoadDllInternal + 0x13e
[0x11] ntdll!LdrpLoadDll + 0xa8
[0x12] ntdll!LdrLoadDll + 0xe4
the process is image is spawned from dllhost.exe and it's not revealed as protected as one might thing ...
Any idea what can lead to this error ?
thanks