madshi.net

I'm very sorry for the delay in responding.
"INJECT_ALLOW_THREAD flag" works !!!!
Thank you

Hello The hooking conflict problem has happened in our customer sites. After the other security software hooking some processes - for example, java.exe - , we can't hooking that. Although there is no error, our hooking dll can't be loaded to the process which is already injected by the other securit...

Hello~~
I'm very sorry for the late reply.
We have found the reason of this issue is our buggy-code which hooks "SetWindowsHookEx" API.
After hooking the API, our buggy-code makes the other hooking-operations slow down.

Thank you for your support.

.... we can rule that out after you've tested with C:\Windows\ instead *just a shot in the dark here* Also, does your system service load very early with a load order group? That might be another detail that can matter in this case potentially. Maybe you could share the exact params you're using fo...

Hello, I've just completed a series of EXCLUDE (not INCLUDE) tests with MCH Injection. I was not able to reproduce your issue at all, everything worked perfectly fine here. I tested in both Windows 7 x64 and Windows 10 x64. ...... --Iconic I have found how to reproduce my issue. This issue happens ...

LoadInjectionDriver('TestDriver', nil, 'DemoDriver64.sys'); ....... Which codes are more recommended? I'm using the B code. A. LoadInjectionDriver('TestDriver', nil, 'DemoDriver64.sys'); B. LoadInjectionDriver('TestDriver', 'DemoDriver32.sys', 'DemoDriver64.sys'); I'll check your recommending code....

This issue is because your DLL is not signed by Microsoft most likely, that's the policy that is very clear to me. --Iconic I'll check it right away. Thank you. Despite of my dll & sys are signed by Microsoft, chrome injection failure issue is not solved. 036.png Other Injection ( e.g. notepad....

iconic wrote: ↑Thu Nov 04, 2021 5:43 pm
This issue is because your DLL is not signed by Microsoft most likely, that's the policy that is very clear to me.

--Iconic

I'll check it right away.
Thank you.

madshi wrote: ↑Thu Nov 04, 2021 9:12 am What does "the partial injection failure happens always" mean? Can you please explain what happens exactly when you use an include mask of "chrome.exe"?

# of chrome process: 10
# of injected (chrome) process: 5
# of not injected (chrome) process: 5
Thank you.

I have found another serious issue. When using the "pIncludeMask" with "chrome.exe" , the partial injection failure happens always. - Win 10 x64 environment - Chrome version: 95.0.4638.54 ( latest version ) > (BOOL) InjectLibraryW( > MyDriverName, // LPCWSTR pDriverName, > MyLibF...

1) A. In the moment when you call InjectLibrary, madCodeHook loops through all already running processes and injects every one. B. The madCodeHook injection driver takes care of automatically injecting into any newly created processes. Can you please double check if both ways are affected by this p...

@lovenamu: Maybe in the meanwhile, until we can test and reproduce your issue, you might want to call GetModuleFileName(NULL, .., .., ..) inside the injected process to retrieve the process name and if it's RuntimeBroker.exe you can return FALSE in DLLMain(), that way your DLL, while still injected...

madshi wrote: ↑Fri Oct 29, 2021 9:23 am @lovenamu, does this happen on all OSs or just specific ones?

I have tested only on the win10 x64.
I have not the other OS environment.

Hello My problem is that some excluded processes are injected. - OS : Windows 10 64bit ( 1903 ) - madCodeHook: 4.2.0 or 4.1.3 My code is like as below: (BOOL) InjectLibraryW( MyDriverName, // LPCWSTR pDriverName, MyLibFileName, // LPCWSTR pLibFileName, ALL_SESSIONS, // DWORD dwSession, INJECT_SYSTEM...

Great!!! It works.
Thank you.