I need to hook the host and tab processes in IE9 on 32 bit W7.
I am working on W7 sp 1, IE 9.0.8112, mch 3.0.1. I am NOT using the injection driver.
IE is started using CreateProcessEX. This hooks the IE host process and injects my dll. My dll then hooks CreateProcessW. When a child process is started the hook suspends the child process and injects my dll into the child. This has worked well for many years on most applications.
In IE9 either CreateProcessW is not called when starting the tab process or IE is removing my hook.
After reading posts on this forum I changed to hooking CreateProcessInternalW. The hook also failed to be called.
Both methods work fine for child processes in other applications on W7. It seems to only be a problem in IE9.
Before I change to using the injection driver, has anyone else had experience of this? Is there a solution that does not use the injection driver? Changing to the injection driver means significant code, product build and package changes plus re-test.
thanks, Joe
Hook child processes fails in IE9
Re: Hook child processes fails in IE9
First I'd suggest to make sure that CreateProcessW or CreateProcessInternalW is really the API called by IE9. Maybe IE9 is using some other API? Maybe for protected mode it's using CreateProcessAsUser or CreateProcessWithLogonW or something like that? I've no idea, but of course it's a very different kind of error if you simply hooked the "wrong" API or DLL injection fails for some reason.
Re: Hook child processes fails in IE9
Thanks madshi, I had hooked the right api call; it does CreateProcAsUser then CreateProcInternal and then NtCreateProcAsuser. The problem is that injection is failing - I guess CreateRemoteThread. It is a UAC issue. If I run with admin priviledges my dll is injected. However, if I start with admin then shared memory that I use for IPC does not map between the two IE processes 
. I will work on that problem.
If I switch to the kernel driver will it solve UAC related injection problems?
Joe
. I will work on that problem.If I switch to the kernel driver will it solve UAC related injection problems?
Joe
Re: Hook child processes fails in IE9
The driver has no problems with UAC. I guess you're not using the madCodeHook IPC functions? They should work even if one of your processes is admin.