Search found 39 matches
- Tue May 16, 2017 4:14 pm
- Forum: madCodeHook
- Topic: Problem after updating Windows to 1703 (Creators update)
- Replies: 4
- Views: 8073
Re: Problem after updating Windows to 1703 (Creators update)
Been there, fixed/worked-around that... or something very similar. Hopefully you too. Add fontdrvhost.exe to your exclusion mask. Edit to add: I saw this problem on *some* x64 systems. I wasn't able to determine the difference between "working" and "not working" x64 installs. App...
- Thu Nov 26, 2015 4:04 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
Yeah, I think so... and I use a fairly broad range of your tech. HookApi, SendIpcMessage etc.
- Thu Nov 26, 2015 3:48 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
I've rewritten my code to to ensure that OpenGlobalFileMapping is used when injected in Edge... and all is well. Thanks for the assistance! In my use case, Edge will never be the first injected application, so the following *should* work reliably... g_hMapFile = OpenGlobalFileMapping(g_szIpcName, TR...
- Wed Nov 25, 2015 5:49 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
It won't actually get created as such in Edge. Other processes ( e.g. explorer.exe) will have created the shared memory before Edge is launched. i.e. in Edge GetLastError will return ERROR_ALREADY_EXISTS. If that makes any difference.
- Wed Nov 25, 2015 4:44 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
Sorry I wasn't sufficiently explicit. I did try that... PrintMonitor doesn't interfere with Edge.
- Wed Nov 25, 2015 4:08 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
PrintMonitor works fine. I would've been surprised if it didn't... it's only Edge that has given me difficulties. Firefox, Chrome, a plethora of windows apps, explorer etc, all okay. I tested my injection dll's again with api hooks active, this time calling the original functions immediately and the...
- Tue Nov 24, 2015 10:12 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
If all else fails, brute force and ignorance...
I pulled the power early in the boot sequence. After the third try it went into diagnostic mode at boot.
Nerves shredded, I will return to this (chastened) tomorrow.
I pulled the power early in the boot sequence. After the third try it went into diagnostic mode at boot.
Nerves shredded, I will return to this (chastened) tomorrow.
- Tue Nov 24, 2015 8:37 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
Gah, I didn't properly think through the implications of enabling the api hooks with the shared memory pointer at null. Rats. Shift + restart click at the logon screen isn't booting me into safe mode and neither does F8 at boot with UEFI bios and a boot SSD.
I may be gone for a while
I may be gone for a while
- Tue Nov 24, 2015 7:58 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
My code... I took the full DLL project and commented out all of the HookAPI calls... to no avail, Edge wouldn't start. When I then commented out the CreateGlobalFileMapping [madCHook] and related [MapViewOfFile] calls, Edge started okay.
- Tue Nov 24, 2015 7:36 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
#1 no problems, Edge starts #2 problem with or without HookAPI So I started commenting out the code related to DLL_PROCESS_ATTACH... the problem remained until I commented out... g_hMapFile = CreateGlobalFileMapping(g_szIpcName, sizeof(MY_DAT)); if (g_hMapFile == NULL) return FALSE; if (GetLastError...
- Mon Nov 23, 2015 2:49 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
Mine are cross-signed IIRC... also folder permission "ALL APPLICATION PACKAGES" is set on the dll's
- Mon Nov 23, 2015 2:41 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
Windows 10 Pro - 64-bit ver 10.0.10586 Microsoft Edge 25.10586.0.0 Microsoft EdgeHTML 13.10586 I sign my injection dll's using the same cert as the driver... that *might* be a factor. N.B. if you want to try that, don't forget to sign the injection dll's *before* using madconfigdrv to prep the drive...
- Mon Nov 23, 2015 11:07 am
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
I tried with a do-nothing dll injected by the MCH driver, just InitializeMadCHook, return TRUE on DLL_PROCESS_ATTACH
According to Proc Explorer, the injection dll is loaded okay... and Edge is functional. So I'm thinking something else/additional is going on with the latest Edge.
According to Proc Explorer, the injection dll is loaded okay... and Edge is functional. So I'm thinking something else/additional is going on with the latest Edge.
- Sun Nov 22, 2015 5:30 pm
- Forum: madCodeHook
- Topic: Edge Code Injection
- Replies: 36
- Views: 44890
Re: Edge Code Injection
Using MCH driver injection, Edge *seems* to start okay... however no page is displayed and after ~20 seconds it terminates.
Using CreateProcessEx from user-land, Edge never appears.
Using CreateProcessEx from user-land, Edge never appears.
- Thu Nov 14, 2013 5:58 pm
- Forum: madCodeHook
- Topic: Detecting Windows 8 Metro application
- Replies: 3
- Views: 4272
Re: Detecting Windows 8 Metro application
^ doesn't seem to work any more. Instead, use something akin to the following. Caveat: explorer and taskmgr report as immersive... bing maps' map.exe starts non-immersive but switches to immersive shortly after. typedef BOOL (WINAPI * t_IsImmersiveProcess)(HANDLE hProcess); t_IsImmersiveProcess fn_I...