When using system-wide injection on Windows 8, there's a small glitch when running into Metro apps in the "suspended" state. The injection times out... making the whole call take quite a long time.
In my case I don't need to hook Metro apps, I am passing WWAHost.exe|C:\Program Files\WindowsApps\* as the exclude mask, as a workaround but I am not sure this is the best way of doing it nor if it will catch everything.
If the app resumes, then it successfully loads the injected DLL, but when uninjection time comes, if it is in the suspended state again, the same issue arises... and the DLL remains loaded as long as the app is running.
Windows 8 : injection into suspended Metro apps
Re: Windows 8 : injection into suspended Metro apps
That is interesting. Normally I believe Windows simply suspends all threads in a process if it wants to suspend the whole process. In such a situation DLL injection should work just fine. It seems that MS might have introduced a new "whole process is suspended" state so that even remote threads are suspended, too? Will have to check that. The big question is if there's anything I can do about it. Maybe I should detect the suspended state and then skip waiting for the injection/uninjection to succeed? I guess it could also make sense to add an extra injection flag to enable/disable injection into Metro apps?