madshi.net

.... we can rule that out after you've tested with C:\Windows\ instead *just a shot in the dark here* Also, does your system service load very early with a load order group? That might be another detail that can matter in this case potentially. Maybe you could share the exact params you're using fo...

Hello, I've just completed a series of EXCLUDE (not INCLUDE) tests with MCH Injection. I was not able to reproduce your issue at all, everything worked perfectly fine here. I tested in both Windows 7 x64 and Windows 10 x64. ...... --Iconic I have found how to reproduce my issue. This issue happens ...

LoadInjectionDriver('TestDriver', nil, 'DemoDriver64.sys'); ....... Which codes are more recommended? I'm using the B code. A. LoadInjectionDriver('TestDriver', nil, 'DemoDriver64.sys'); B. LoadInjectionDriver('TestDriver', 'DemoDriver32.sys', 'DemoDriver64.sys'); I'll check your recommending code....

This issue is because your DLL is not signed by Microsoft most likely, that's the policy that is very clear to me. --Iconic I'll check it right away. Thank you. Despite of my dll & sys are signed by Microsoft, chrome injection failure issue is not solved. 036.png Other Injection ( e.g. notepad....

iconic wrote: ↑Thu Nov 04, 2021 5:43 pm
This issue is because your DLL is not signed by Microsoft most likely, that's the policy that is very clear to me.

--Iconic

I'll check it right away.
Thank you.

madshi wrote: ↑Thu Nov 04, 2021 9:12 am What does "the partial injection failure happens always" mean? Can you please explain what happens exactly when you use an include mask of "chrome.exe"?

# of chrome process: 10
# of injected (chrome) process: 5
# of not injected (chrome) process: 5
Thank you.

I have found another serious issue. When using the "pIncludeMask" with "chrome.exe" , the partial injection failure happens always. - Win 10 x64 environment - Chrome version: 95.0.4638.54 ( latest version ) > (BOOL) InjectLibraryW( > MyDriverName, // LPCWSTR pDriverName, > MyLibF...

1) A. In the moment when you call InjectLibrary, madCodeHook loops through all already running processes and injects every one. B. The madCodeHook injection driver takes care of automatically injecting into any newly created processes. Can you please double check if both ways are affected by this p...

@lovenamu: Maybe in the meanwhile, until we can test and reproduce your issue, you might want to call GetModuleFileName(NULL, .., .., ..) inside the injected process to retrieve the process name and if it's RuntimeBroker.exe you can return FALSE in DLLMain(), that way your DLL, while still injected...

madshi wrote: ↑Fri Oct 29, 2021 9:23 am @lovenamu, does this happen on all OSs or just specific ones?

I have tested only on the win10 x64.
I have not the other OS environment.

Hello My problem is that some excluded processes are injected. - OS : Windows 10 64bit ( 1903 ) - madCodeHook: 4.2.0 or 4.1.3 My code is like as below: (BOOL) InjectLibraryW( MyDriverName, // LPCWSTR pDriverName, MyLibFileName, // LPCWSTR pLibFileName, ALL_SESSIONS, // DWORD dwSession, INJECT_SYSTEM...

Great!!! It works.
Thank you.

Hello. I have the injection problem about RuntimeBroker.exe, which is used by the Skype App (UWP Apps: Universal Windows Platform). ( OS: Windows 10 Enterprise Version 1803, x64 ) Until madCodeHook 4.1.0, there is no injection problem. Below screenshot shows the injection has succeeded. I think that...

We have supplied our customer with our security software that uses madCodeHook library to hook StartDocW() API. The hooked program is IE(Internet Explorer)8, which executes an active-x program in some html pages. The active-x program is used to print some reports of the customer. In the callback fun...

I think that my coding mistake is the cause of this problem.
The function 'sprintf()' makes the below formatted result.

%EC%B9%B4%EB%93
==> 1.618954E-319CB9B49.881313E-323B

I 'd greatly appreciate your help!!