Search found 6 matches

by ezh
Tue Jul 24, 2018 7:46 am
Forum: madCodeHook
Topic: New protection from dll injection in Google Chrome
Replies: 5
Views: 6920

Re: New protection from dll injection in Google Chrome

You say we can cross-sign our DLL (not driver, but user-mode DLL) ? Does it work in a similar way to driver cross-signature or there is another workflow?
by ezh
Mon Jul 23, 2018 4:24 pm
Forum: madCodeHook
Topic: New protection from dll injection in Google Chrome
Replies: 5
Views: 6920

New protection from dll injection in Google Chrome

Few days ago Google release Chrome Canary (v.70) where it implemented some protection from dll injection. They had announce about this feature some time ago - https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html and now finally it is enabled in Chrome Canary and looks like ...
by ezh
Thu Sep 24, 2015 11:19 am
Forum: madCodeHook
Topic: Microsoft Edge hooking
Replies: 36
Views: 25129

Re: Microsoft Edge hooking

Thank you very much for the explanation.
by ezh
Wed Sep 23, 2015 5:16 pm
Forum: madCodeHook
Topic: Microsoft Edge hooking
Replies: 36
Views: 25129

Re: Microsoft Edge hooking

Yes! You are right! I tried PrintMonitor sample and if driver was started before Edge - HookPrintAPIs64.dll is loaded into MicrosoftEdgeCp.exe!
Do you have ideas why does it work this way?
by ezh
Wed Sep 23, 2015 3:06 pm
Forum: madCodeHook
Topic: Microsoft Edge hooking
Replies: 36
Views: 25129

Re: Microsoft Edge hooking

Have update: it is still possible to inject dlls to other Metro applications, but not to Edge. When trying to inject dll madCodeHook succesfully creates remote thread in MicrosoftEdgeCp.exe, call LoadLibraryEx, then dll is being loaded (I see CreateFile and ReadFile calls in ProcMon), and then every...
by ezh
Tue Sep 22, 2015 10:28 am
Forum: madCodeHook
Topic: Microsoft Edge hooking
Replies: 36
Views: 25129

Re: Microsoft Edge hooking

Ok, answers above are very good and useful, we really need ALL APPLICATION PACKAGES flag - and it was enough to inject dll into Edge (by madCodeHook or by other tools). It worked fine - we even released our product with injecting to Edge feature enabled and got no any real problem reports from our u...