madshi.net

Hi:

We are unable to inject a dll using madcodehook driver in Windows App stores process (VLC_WinRT.Windows.exe) ?

Could you please let us know the resolution for this issue ?

we are using madCodeHook 3.1.11 version.

Note : We performed this exercise for VLC Media player. We are able to successfully inject a dll into vlc.exe which is installed from the normal installer downloaded from the videolan website. But for "VLC for Windows Store (VLC_WinRT.Windows.exe)" and couple of other applications downloaded from the store dll is not getting injected using madcodehook driver.

Are those apps running or suspended?

Are we talking about all Metro apps or just store apps? Does it apply to *all* store apps or just some?

Are you starting the injection first and then start those store apps? Or the other way round? Does it work if you start the injection first?

Please find inline answers :

Are those apps running or suspended?
A : These apps are running, it is not suspended

Are we talking about all Metro apps or just store apps? Does it apply to *all* store apps or just some?
A: We have tried few store apps where we are facing this issue including "VLC for Windows Store (VLC_WinRT.Windows.exe)", we have not tried with all the apps.

Are you starting the injection first and then start those store apps? Or the other way round? Does it work if you start the injection first?
A: Yes, we are doing the injection first and then starting the store app (where dll should be injected in the process which is not happening in this case).

Does your hook dll have the NTFS read/execute rights "ALL APPLICATION PACKAGES"? That's needed for successfull Metro injection.

Yes, our hook dll is having NTFS read/execute rights for "ALL APPLICATION PACKAGES" but injection is not successful.

Hmmmm... Is there any store app at all into which injection succeeds?

Does the PrintMonitor demo work?

http://madshi.net/PrintMonitor.zip

(Please make sure you assign "ALL APPLICATION PACKAGES" read/execute access to the whole demo folder, just to be safe, and please start injection before you start the store apps.)

Hi:

The 3-4 applications that we have installed from the store, we are unable to inject the dll in any of them. Do you see the same behaviour at your end ?

We tried PrintMonitor Demo with "XoDo Docs" and "DocumentViewer" Metro store Apps but the driver is not injecting the dll in these processes.

Note : we have tried few non Metro Apps as notepad.exe, excel.exe, word.exe where DemoDriver is injecting dll in these processes.

Final question, before I look into this: Does injection work for any (non-store) Metro apps for you? E.g. Metro apps shipping with the OS?

In the past, usually there were only 2 problems with injecting into Metro apps: 1) Metro apps being paused/suspeneded. 2) missing "ALL APPLICATION PACKAGES". With these 2 solved, everybody had injection into Metro apps working fine. The one thing I'm not sure about is if Store apps are somehow different to Metro apps or not.

We have tried with few Metro Apps ( non store) but dll is not getting injected in the process although Metro apps are running and its "ALL APPLICATION PACKAGES" attribute is set as read/execute.

Does your hook dll have any kind of manifest, either externally or in the resource section? If so, try removing that.

Metro injection definitely worked fine, the last time I tested it. I suppose I can retest, when I find some time (not today).

P.S: Sorry, one more question: Is this problem only occurring on Windows 10, or also on Windows 8.1?

yes this problem occurs on both "Window 10" and "Window 8.1" ..

Ok, I've just tested this with the Windows built in Photos app on Windows 8.1 x64, and injection works just fine with the HookProcessCreation demo, after I've added "ALL APPLICATION PACKAGES" NTFS read/execute rights:

http://madshi.net/HookProcessCreation.zip

The PrintMonitor didn't work because it only injected in the current user session, while apps seem to run in a different session. If you switch the HookProcessCreation demo into "system wide" mode, it works with the Photos app, at least.

i have performed following steps. on (Window 8 X64.)
1 - i have give "ALL APPLICATION PACKAGES" NTFS read/execute to extracted package.
2 - launched "DllInjector64.exe" and
3 - Selected system wide mode and then after click of inject dll and then selected "HookProcessCreation64.dll"

some how it is not working with photos, skype, games metro app only worked with iexplore.exe(internet explorer).

I'm not sure what I can do here. It works for me, and it seems to work for everybody else. Nobody else has reported any problem about this, and there were many users who had problems at first, but got it running after adding ALL APPLICATION PACKAGES. So right now it seems that the problem is limited to your PC(s) somehow.

Can you create and upload a VM (e.g. VmWare) for me with which I could reproduce the problem? The only way I can help you is if I'm able to reproduce the problem on my PC.