Browsers Injections Failures Win7 64bit
Browsers Injections Failures Win7 64bit
Hi Madshi
I am experiencing strange behavior when trying to inject my dll to new browsers (IE9,chrome 25.0.1364.152 ,FF 17.0.1)
I am using the c++ version, hooking with CreateProcessEx, this method used to work before, but now on IE9 the process is crashing with a null pointer exception,
on FF the flash player is getting stuck and hanging the entire FF process, on Chrome the Flash player is not hooked at all.
I also hooking the create process APIs inside my DLL:
HookAPI("kernel32.dll", "CreateProcessA", CreateProcessACallback, (PVOID*) &CreateProcessANext);
HookAPI("kernel32.dll", "CreateProcessW", CreateProcessWCallback, (PVOID*) &CreateProcessWNext);
HookAPI("advapi32.dll", "CreateProcessAsUserA", CreateProcessAsUserACallback, (PVOID*) &CreateProcessAsUserANext);
HookAPI("advapi32.dll", "CreateProcessAsUserW", CreateProcessAsUserWCallback, (PVOID*) &CreateProcessAsUserWNext);
HookAPI("advapi32.dll", "CreateProcessWithLogonW", CreateProcessWithLogonWCallback, (PVOID*) &CreateProcessWithLogonWNext);
// On Vista and above only
HookAPI("advapi32.dll", "CreateProcessWithTokenW", CreateProcessWithTokenWCallback, (PVOID*) &CreateProcessWithTokenWNext);
Please advise
Thanks
Roni
I am experiencing strange behavior when trying to inject my dll to new browsers (IE9,chrome 25.0.1364.152 ,FF 17.0.1)
I am using the c++ version, hooking with CreateProcessEx, this method used to work before, but now on IE9 the process is crashing with a null pointer exception,
on FF the flash player is getting stuck and hanging the entire FF process, on Chrome the Flash player is not hooked at all.
I also hooking the create process APIs inside my DLL:
HookAPI("kernel32.dll", "CreateProcessA", CreateProcessACallback, (PVOID*) &CreateProcessANext);
HookAPI("kernel32.dll", "CreateProcessW", CreateProcessWCallback, (PVOID*) &CreateProcessWNext);
HookAPI("advapi32.dll", "CreateProcessAsUserA", CreateProcessAsUserACallback, (PVOID*) &CreateProcessAsUserANext);
HookAPI("advapi32.dll", "CreateProcessAsUserW", CreateProcessAsUserWCallback, (PVOID*) &CreateProcessAsUserWNext);
HookAPI("advapi32.dll", "CreateProcessWithLogonW", CreateProcessWithLogonWCallback, (PVOID*) &CreateProcessWithLogonWNext);
// On Vista and above only
HookAPI("advapi32.dll", "CreateProcessWithTokenW", CreateProcessWithTokenWCallback, (PVOID*) &CreateProcessWithTokenWNext);
Please advise
Thanks
Roni
Re: Browsers Injections Failures Win7 64bit
Could you please double check with the latest beta build, just to be safe:
http://madshi.net/madCollectionBeta.exe
If the problem still occurs with the build, could you please check whether the problem also occurs with this demo project (compiled as is):
http://madshi.net/HookProcessCreation.zip
If the problem does not occur with the demo, but if it does occur with your own project then probably there's something problematic in your hook dlls. If the problem also occurs with the demo, please let me know which exact OS you're using and I'll check if I can reproduce the problem here.
http://madshi.net/madCollectionBeta.exe
If the problem still occurs with the build, could you please check whether the problem also occurs with this demo project (compiled as is):
http://madshi.net/HookProcessCreation.zip
If the problem does not occur with the demo, but if it does occur with your own project then probably there's something problematic in your hook dlls. If the problem also occurs with the demo, please let me know which exact OS you're using and I'll check if I can reproduce the problem here.
Re: Browsers Injections Failures Win7 64bit
Hi Madshi
Thank you for your quick reply.
The demo worked, I found the crash on IE9 was due to something on my injected DLL (Probably affected by some Microsoft update).
Still wasn't able to find out the problem for FF hanging when the flash player plugin is hooked.
I am doing some string comparisons and substring findings that may cause the instability, what is the safer way to do it on this level?
Thanks
Roni
Thank you for your quick reply.
The demo worked, I found the crash on IE9 was due to something on my injected DLL (Probably affected by some Microsoft update).
Still wasn't able to find out the problem for FF hanging when the flash player plugin is hooked.
I am doing some string comparisons and substring findings that may cause the instability, what is the safer way to do it on this level?
Thanks
Roni
Re: Browsers Injections Failures Win7 64bit
I'm not sure. But a first good try would be to double check if you follow all the hooking rules:
http://help.madshi.net/HookingRules.htm
http://help.madshi.net/HookingRules.htm
Re: Browsers Injections Failures Win7 64bit
Hi
I tested FF injection with the create process APIs hooked, the functions does nothing but calling to the original ones.
FireFox still hangs when the flash player process starts, can it be that the plugin-container.exe process that holds the Flash
Player cannot be hooked?
Thanks
Roni
I tested FF injection with the create process APIs hooked, the functions does nothing but calling to the original ones.
FireFox still hangs when the flash player process starts, can it be that the plugin-container.exe process that holds the Flash
Player cannot be hooked?
Thanks
Roni
Re: Browsers Injections Failures Win7 64bit
I don't know. Maybe. Or it could be a bug in your code. Or it could be a bug in madCodeHook. Or it could be a broken installation. Or [...]. I simply don't have enough information to say anything useful.
What you could try is to find out why the HookProcessCreation demo works, but your solution not. The hooked APIs are partially identical. So where's the difference?
What you could try is to find out why the HookProcessCreation demo works, but your solution not. The hooked APIs are partially identical. So where's the difference?
Re: Browsers Injections Failures Win7 64bit
Those browsers make use of Windows's low integrity process mode. Some calls - especially accessing shared resources - will fail.
madCodeHook used to have problems with that but now it seems to be fine.
madCodeHook used to have problems with that but now it seems to be fine.