Unable to inject a dll using madcodehook driver for app stor

contains all delphi packages mentioned below

Unable to inject a dll using madcodehook driver for app stor

Postby manutai » Wed May 11, 2016 7:46 am

Hi:

We are unable to inject a dll using madcodehook driver in Windows App stores process (VLC_WinRT.Windows.exe) ?

Could you please let us know the resolution for this issue ?

we are using madCodeHook 3.1.11 version.

Note : We performed this exercise for VLC Media player. We are able to successfully inject a dll into vlc.exe which is installed from the normal installer downloaded from the videolan website. But for "VLC for Windows Store (VLC_WinRT.Windows.exe)" and couple of other applications downloaded from the store dll is not getting injected using madcodehook driver.
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Wed May 11, 2016 8:14 am

Are those apps running or suspended?

Are we talking about all Metro apps or just store apps? Does it apply to *all* store apps or just some?

Are you starting the injection first and then start those store apps? Or the other way round? Does it work if you start the injection first?
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby manutai » Wed May 11, 2016 9:41 am

Please find inline answers :

Are those apps running or suspended?
A : These apps are running, it is not suspended

Are we talking about all Metro apps or just store apps? Does it apply to *all* store apps or just some?
A: We have tried few store apps where we are facing this issue including "VLC for Windows Store (VLC_WinRT.Windows.exe)", we have not tried with all the apps.

Are you starting the injection first and then start those store apps? Or the other way round? Does it work if you start the injection first?
A: Yes, we are doing the injection first and then starting the store app (where dll should be injected in the process which is not happening in this case).
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Wed May 11, 2016 11:06 am

Does your hook dll have the NTFS read/execute rights "ALL APPLICATION PACKAGES"? That's needed for successfull Metro injection.
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby manutai » Wed May 11, 2016 12:13 pm

Yes, our hook dll is having NTFS read/execute rights for "ALL APPLICATION PACKAGES" but injection is not successful.
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Wed May 11, 2016 12:17 pm

Hmmmm... Is there any store app at all into which injection succeeds?

Does the PrintMonitor demo work?

http://madshi.net/PrintMonitor.zip

(Please make sure you assign "ALL APPLICATION PACKAGES" read/execute access to the whole demo folder, just to be safe, and please start injection before you start the store apps.)
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby manutai » Thu May 12, 2016 10:42 am

Hi:

The 3-4 applications that we have installed from the store, we are unable to inject the dll in any of them. Do you see the same behaviour at your end ?

We tried PrintMonitor Demo with "XoDo Docs" and "DocumentViewer" Metro store Apps but the driver is not injecting the dll in these processes.

Note : we have tried few non Metro Apps as notepad.exe, excel.exe, word.exe where DemoDriver is injecting dll in these processes.
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Thu May 12, 2016 12:20 pm

Final question, before I look into this: Does injection work for any (non-store) Metro apps for you? E.g. Metro apps shipping with the OS?

In the past, usually there were only 2 problems with injecting into Metro apps: 1) Metro apps being paused/suspeneded. 2) missing "ALL APPLICATION PACKAGES". With these 2 solved, everybody had injection into Metro apps working fine. The one thing I'm not sure about is if Store apps are somehow different to Metro apps or not.
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby manutai » Thu May 12, 2016 2:29 pm

We have tried with few Metro Apps ( non store) but dll is not getting injected in the process although Metro apps are running and its "ALL APPLICATION PACKAGES" attribute is set as read/execute.
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Thu May 12, 2016 2:39 pm

Does your hook dll have any kind of manifest, either externally or in the resource section? If so, try removing that.

Metro injection definitely worked fine, the last time I tested it. I suppose I can retest, when I find some time (not today).
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Thu May 12, 2016 2:40 pm

P.S: Sorry, one more question: Is this problem only occurring on Windows 10, or also on Windows 8.1?
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby manutai » Fri May 20, 2016 5:24 am

yes this problem occurs on both "Window 10" and "Window 8.1" ..
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Fri May 20, 2016 2:32 pm

Ok, I've just tested this with the Windows built in Photos app on Windows 8.1 x64, and injection works just fine with the HookProcessCreation demo, after I've added "ALL APPLICATION PACKAGES" NTFS read/execute rights:

http://madshi.net/HookProcessCreation.zip

The PrintMonitor didn't work because it only injected in the current user session, while apps seem to run in a different session. If you switch the HookProcessCreation demo into "system wide" mode, it works with the Photos app, at least.
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unable to inject a dll using madcodehook driver for app

Postby manutai » Mon May 23, 2016 4:56 am

i have performed following steps. on (Window 8 X64.)
1 - i have give "ALL APPLICATION PACKAGES" NTFS read/execute to extracted package.
2 - launched "DllInjector64.exe" and
3 - Selected system wide mode and then after click of inject dll and then selected "HookProcessCreation64.dll"

some how it is not working with photos, skype, games metro app only worked with iexplore.exe(internet explorer).
manutai
 
Posts: 80
Joined: Sun Aug 03, 2008 1:40 am

Re: Unable to inject a dll using madcodehook driver for app

Postby madshi » Mon May 23, 2016 6:52 am

I'm not sure what I can do here. It works for me, and it seems to work for everybody else. Nobody else has reported any problem about this, and there were many users who had problems at first, but got it running after adding ALL APPLICATION PACKAGES. So right now it seems that the problem is limited to your PC(s) somehow.

Can you create and upload a VM (e.g. VmWare) for me with which I could reproduce the problem? The only way I can help you is if I'm able to reproduce the problem on my PC.
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Next

Return to madCollection

Who is online

Users browsing this forum: No registered users and 1 guest