Search found 21 matches

by lovenamu
Wed Nov 17, 2021 1:36 pm
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

.... we can rule that out after you've tested with C:\Windows\ instead *just a shot in the dark here* Also, does your system service load very early with a load order group? That might be another detail that can matter in this case potentially. Maybe you could share the exact params you're using fo...
by lovenamu
Tue Nov 16, 2021 11:44 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

Hello, I've just completed a series of EXCLUDE (not INCLUDE) tests with MCH Injection. I was not able to reproduce your issue at all, everything worked perfectly fine here. I tested in both Windows 7 x64 and Windows 10 x64. ...... --Iconic I have found how to reproduce my issue. This issue happens ...
by lovenamu
Mon Nov 08, 2021 10:28 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

LoadInjectionDriver('TestDriver', nil, 'DemoDriver64.sys'); ....... Which code is more recommended? I'm using the B code. A. LoadInjectionDriver('TestDriver', nil, 'DemoDriver64.sys'); B. LoadInjectionDriver('TestDriver', 'DemoDriver32.sys', 'DemoDriver64.sys'); I'll check your recommended code....
by lovenamu
Fri Nov 05, 2021 10:26 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

This issue is because your DLL is not signed by Microsoft most likely, that's the policy that is very clear to me. --Iconic I'll check it right away. Thank you. Although my dll & sys are signed by Microsoft, the chrome injection failure issue is not solved. 036.png Other Injection ( e.g. notepad....
by lovenamu
Fri Nov 05, 2021 2:11 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

iconic wrote: Thu Nov 04, 2021 5:43 pm
This issue is because your DLL is not signed by Microsoft most likely, that's the policy that is very clear to me.

--Iconic
I'll check it right away.
Thank you.
by lovenamu
Thu Nov 04, 2021 9:51 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

madshi wrote: Thu Nov 04, 2021 9:12 am What does "the partial injection failure happens always" mean? Can you please explain what happens exactly when you use an include mask of "chrome.exe"?
# of chrome process: 10
# of injected (chrome) process: 5
# of not injected (chrome) process: 5
Thank you.
by lovenamu
Thu Nov 04, 2021 9:11 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

I have found another serious issue. When using the "pIncludeMask" with "chrome.exe" , the partial injection failure happens always. - Win 10 x64 environment - Chrome version: 95.0.4638.54 ( latest version ) > (BOOL) InjectLibraryW( > MyDriverName, // LPCWSTR pDriverName, > MyLibF...
by lovenamu
Thu Nov 04, 2021 8:57 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

1) A. In the moment when you call InjectLibrary, madCodeHook loops through all already running processes and injects every one. B. The madCodeHook injection driver takes care of automatically injecting into any newly created processes. Can you please double check if both ways are affected by this p...
by lovenamu
Tue Nov 02, 2021 12:36 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

@lovenamu: Maybe in the meanwhile, until we can test and reproduce your issue, you might want to call GetModuleFileName(NULL, .., .., ..) inside the injected process to retrieve the process name and if it's RuntimeBroker.exe you can return FALSE in DLLMain(), that way your DLL, while still injected...
by lovenamu
Tue Nov 02, 2021 12:34 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

Re: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

madshi wrote: Fri Oct 29, 2021 9:23 am @lovenamu, does this happen on all OSs or just specific ones?
I have tested only on Win10 x64.
I do not have any other OS environment.
by lovenamu
Fri Oct 29, 2021 6:25 am
Forum: madCodeHook
Topic: [madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected
Replies: 29
Views: 5469

[madCodeHook 4.2.0 or 4.1.3] Some excluded process are Injected

Hello. My problem is that some excluded processes are injected. - OS : Windows 10 64bit ( 1903 ) - madCodeHook: 4.2.0 or 4.1.3 My code is as below: (BOOL) InjectLibraryW( MyDriverName, // LPCWSTR pDriverName, MyLibFileName, // LPCWSTR pLibFileName, ALL_SESSIONS, // DWORD dwSession, INJECT_SYSTEM...
by lovenamu
Wed Jan 16, 2019 2:57 am
Forum: madCodeHook
Topic: [4.1.2 Problem][RuntimeBroker.exe Process]Injection Failed
Replies: 6
Views: 7751

[4.1.2 Problem][RuntimeBroker.exe Process]Injection Failed

Hello. I have an injection problem with RuntimeBroker.exe, which is used by the Skype App (UWP Apps: Universal Windows Platform). ( OS: Windows 10 Enterprise Version 1803, x64 ) Until madCodeHook 4.1.0, there was no injection problem. The screenshot below shows the injection has succeeded. I think that...
by lovenamu
Mon Jan 27, 2014 3:53 pm
Forum: madCodeHook
Topic: IPC Issue of Windows 7 (32bit)
Replies: 1
Views: 2181

IPC Issue of Windows 7 (32bit)

We have supplied our customer with our security software that uses madCodeHook library to hook StartDocW() API. The hooked program is IE(Internet Explorer)8, which executes an active-x program in some html pages. The active-x program is used to print some reports of the customer. In the callback fun...
by lovenamu
Fri Apr 12, 2013 2:21 am
Forum: madCodeHook
Topic: Some messages through IPC callback are modified
Replies: 3
Views: 4497

Re: Some messages through IPC callback are modified

I think that my coding mistake is the cause of this problem.
The function 'sprintf()' produces the formatted result below.

%EC%B9%B4%EB%93
==> 1.618954E-319CB9B49.881313E-323B

I'd greatly appreciate your help!!