Support for Windows 8

c++ / delphi package - dll injection and api hooking
manutai
Posts: 85
Joined: Sun Aug 03, 2008 1:40 am

Support for Windows 8

Post by manutai »

I have not taken a deep dive into Windows 8 yet, but do you see any major challenges in supporting the Windows 8 OS? Is this on your roadmap?

Thanks.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Support for Windows 8

Post by madshi »

This one should work fine with win8:

http://madshi.net/madCollectionBeta.exe
immer000
Posts: 22
Joined: Tue Sep 04, 2012 12:05 am

Re: Support for Windows 8

Post by immer000 »

Hi madshi, testing with madCodeHook 3.1.0 from installer 2.7.3.0 on Windows 8 RTM (build 9200 from MSDN):

* Hooking works great!
* Injection driver is not functional. The driver loads but calling InjectLibrary fails. GetLastError returns ERROR_GEN_FAILURE (0x1F) "A device attached to the system is not functioning."
* IPC queue is broken. Creation succeeds, the first message goes through but any subsequent messages end up locking the calling program (never returns from NtConnectPort).
* Global objects helpers are fine.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Support for Windows 8

Post by madshi »

Here's a new test build I uploaded yesterday:

http://madshi.net/madCollectionBeta.exe (installer 2.7.3.4)

It contains fixes for IPC for Metro apps (AppContainer integrity level). I've tested with this build on win8 x64 and everything worked fine for me, including dll injection and IPC.

"ERROR_GEN_FAILURE" could indicate a problem with driver configuration or signing. Does the same driver work on older OSs?

Please note that dll injection into Metro apps will only work if the folder in which the hook dlls are stored has read/execute access for the group "ALL APPLICATION PACKAGES".
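
The folder permission described in the post above can be checked before deployment. This PowerShell script is an added example, not part of the original thread or of madCodeHook; the folder path is a hypothetical placeholder, and S-1-15-2-1 is the well-known SID of "ALL APPLICATION PACKAGES". It only reports and prints a suggested icacls command, it does not change any ACL.

```powershell
# Added example (not madCodeHook code): report whether AppContainer ("Metro") processes
# can read and execute the hook DLLs in a folder. $HookDir is a hypothetical path.
param([string]$HookDir = 'C:\Program Files\ExampleProduct\Hooks')

$AppPackagesSid = 'S-1-15-2-1'   # well-known SID of "ALL APPLICATION PACKAGES"
$ReadExecute    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-AppPackagesReadExecute {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Request identities as SIDs so the check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $AppPackagesSid }
    $allowed = $false
    $denied  = $false
    foreach ($rule in $rules) {
        $overlap = $rule.FileSystemRights -band $ReadExecute
        # Any Deny entry touching read/execute bits overrides an Allow entry.
        if ($rule.AccessControlType -eq 'Deny' -and [int]$overlap -ne 0) { $denied = $true }
        # An Allow entry counts only if it covers every read/execute bit.
        if ($rule.AccessControlType -eq 'Allow' -and $overlap -eq $ReadExecute) { $allowed = $true }
    }
    return ($allowed -and -not $denied)
}

# Check the folder itself and every DLL in it, so a rule that is present on the
# folder but not inherited by the files is also caught.
$targets = @(Get-Item -LiteralPath $HookDir) +
           @(Get-ChildItem -LiteralPath $HookDir -Filter *.dll -File)
$missing = @($targets | Where-Object { -not (Test-AppPackagesReadExecute -Path $_.FullName) })

if ($missing.Count -gt 0) {
    foreach ($item in $missing) {
        Write-Warning "No read/execute for ALL APPLICATION PACKAGES: $($item.FullName)"
    }
    # Suggested fix, printed rather than applied; (OI)(CI) lets files and subfolders inherit it.
    Write-Output "icacls `"$HookDir`" /grant `"*${AppPackagesSid}:(OI)(CI)(RX)`""
} else {
    Write-Output "ALL APPLICATION PACKAGES has read/execute on $HookDir and its DLLs."
}
```
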
immer000
Posts: 22
Joined: Tue Sep 04, 2012 12:05 am

Re: Support for Windows 8

Post by immer000 »

Thanks for your fast response! I have tried the new beta, no luck :(

The injection is the same, the call to LoadInjectionDriver succeeds, it's InjectLibrary that fails... I am calling those from a service running under the LocalSystem account so it is probably not a permission issue.

Here are the arguments:

Code:

InjectLibraryA( baseNameA, dllName, ALL_SESSIONS, FALSE, includeMask.empty()?NULL:includeMask.c_str(), excludeMask.empty()?NULL:excludeMask.c_str(), NULL);

Nothing comes up in the Security event log.

Here is how I make the x64 injection driver:

Code:

copy "C:\Program Files (x86)\madCollection\madCodeHook\Driver\renameme64.sys" WarpDrvx64.sys

"C:\Program Files (x86)\madCollection\madCodeHook\Driver\madConfigDrv.exe" WarpDrvx64.sys WarpDrv WarpDrvx64.dll WarpDrvx86.dll -unsafeStopAllowed

"C:\Program Files (x86)\Windows Kits\8.0\bin\x64\signtool.exe" sign /a /n "ABAS Labs Pty Ltd" /t "http://timestamp.verisign.com/scripts/timstamp.dll" /ph /ac MSCV-VSClass3.cer WarpDrvx64.sys

The MSCV-VSClass3 cross-signing certificate is the one with thumbprint 58455389cf1d0cd6a08e3ce216f65adff7a86408, I know there are several floating around, is there a newer one I should be using?

Injected DLLs are put in Program Files by the installer but while debugging they are on my data partition where everyone has full access. Same behavior.

The exact same binaries work fine under Windows XP, Vista and 7.

As far as the IPC is concerned, same situation, it has been flawless under older versions of Windows but breaks under Windows 8. I don't care about Metro apps (yet), having it running for normal desktop applications would be a good start. The current architecture is the IPC queue is created and handled by a service and the SendIPCMessage calls are wrapped in an API DLL that the main GUI uses.

Tried with both Visual Studio 2010 and 2012, same story.
immer000
Posts: 22
Joined: Tue Sep 04, 2012 12:05 am

Re: Support for Windows 8

Post by immer000 »

Forgot to mention an important thing: for 64 bit OSes all my binaries are 64 bit. I just noticed the IPC deadlock only happens when the IPC handler is x64 code! Running 32 bit binaries on Windows 8 x64 does not trigger the problem.

I can replicate some problems with code as simple as this:

Code:

#include <Windows.h>
#include <madCHook.h>
#include <stdio.h>

// Number of times the IPC handler has been invoked.
volatile long count = 0;

// IPC callback: only counts the messages it receives.
VOID WINAPI ipcHandler(LPCSTR pIpc, LPCVOID pMessageBuf, DWORD dwMessageLen, LPVOID pAnswerBuf, DWORD dwAnswerLen)
{
	InterlockedIncrement(&count);
}

int main()
{
	InitializeMadCHook();
	CreateIpcQueue("test", ipcHandler);
	// Send 100 empty messages to the queue created above.
	for(int i = 0; i < 100; ++i)
		SendIpcMessage("test", NULL, 0, NULL, 0);
	DestroyIpcQueue("test");
	FinalizeMadCHook();

	// count is a long, so print it with %ld.
	printf("called %ld times!\n", count);
	return 0;
}

Sometimes it outputs "called 100 times!" and sometimes "called 99 times!" (any OS).

I've put the compiled binaries with their debug symbols (compiled with Visual Studio 2012) and a memory dump of the hung process for you to look at there: http://dl.free.fr/iS3P0mV8O
immer000
Posts: 22
Joined: Tue Sep 04, 2012 12:05 am

Re: Support for Windows 8

Post by immer000 »

Looks like I didn't try hard enough. I completely cut Visual Studio 2012 out of the picture and did a full rebuild of every component with VS2010 SP1 and now everything works fine on Windows 8 - both the IPC and the injection.

So by the looks of it madCodeHook's core functions are working well under Windows 8.

VS2012 is the culprit that broke things for Windows 8 x64... although the binaries it produces somewhat work under Windows 8 x86, Windows 7 and Vista (XP is out by design).
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Support for Windows 8

Post by madshi »

That's weird that VS2012 makes problems, didn't have any such reports yet. Good to know, though, in case other people struggle with the same problem.

Anyway, I'm glad to hear that everything seems to be working for you when using VS2010.
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: Support for Windows 8

Post by Davita »

I'm having the exact same problem. I'm running Windows 8 x64 edition. When my binaries are built with VC 2012 x64, IPC just deadlocks after receiving the first message. I didn't try recompiling with VS 2010 though, I'll try that.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Support for Windows 8

Post by madshi »

Did you try a brand new MSVC++ project? Or did you base your project on one of the madCodeHook demos? I suppose that maybe some default settings in MSVC++ 2012 might be different, like alignment stuff or something like that...
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: Support for Windows 8

Post by Davita »

No, I have a brand new project. However, it's a Qt application, built using QMake not MSVC. I don't think this could be the issue, because everything worked fine when I was under Win 7 & MSVC 2010. I'll recompile Qt under MSVC 2010 in a few hours and let you know if it helps.
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: Support for Windows 8

Post by Davita »

OK guys, I can confirm that mad ipc has problems when built with VC 2012 x64.
I just tested using VC 2010 x64 and it works fine.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Support for Windows 8

Post by madshi »

Can you do a quick check, by copying the MSVC++ 2010 project, then importing it in MSVC++ 2012, so that you basically get the MSVC++ 2010 project settings converted over to MSVC++ 2012? Does the problem then still occur?
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Re: Support for Windows 8

Post by Davita »

Sure. I did the following:

1. Created an empty console app in VS 2010.
2. Added madCHook64 lib in dependencies.
3. Wrote some simple code to test the ipc scenario.
4. Ran it and it worked.

Then I opened the project using VS 2012 (with Update 1).
A dialog appeared asking me to update the project type to VC 2012, and I updated it.
Ran the sample and it didn't work. As I already mentioned, after the first message, ipc just deadlocks.

Here's the sample project to make your task easier: https://dl.dropbox.com/u/3055964/IpcTest.zip. Just add the lib file and it should compile just fine. I didn't include them because I'm a commercial customer :)

Please let me know if there's anything I can do to assist you. I'd be more than happy to help.
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Re: Support for Windows 8

Post by madshi »

At this point I'm not sure what to do exactly. I don't have a license to VS 2012 at the moment, so I can't really test it myself. Do you have access to the madCodeHook source code? If so, you could try compiling the madCodeHook sources yourself, instead of using the static lib (which I'm compiling with MSVC++ 2005, btw).