Hi..
As you may know, there are two ways to run Internet Explorer 10 in Windows 8, app mode and desktop mode.
I'm trying to hook Internet Explorer in Windows 8 (x64).
In desktop application mode everything is fine. But in app mode DLL injection does not work correctly.
When IE is running in app mode, two iexplore.exe instances are loaded as parent and child processes, as you can see from the attached screenshot.
The problem is that my hook dll is not injected to the child iexplore.exe (PID 4588) automatically.
But I can see that my hook dll is injected to the parent iexplore.exe (PID 4552) successfully.
I injected my hook dll as follows:
InjectLibrary(TEXT("MyDriver"), TEXT("MyHook.x86.dll"), ALL_SESSIONS, FALSE, NULL, L"Dbgview.exe");
InjectLibrary(TEXT("MyDriver"), TEXT("MyHook.x64.dll"), ALL_SESSIONS, FALSE, NULL, L"Dbgview.exe");
For testing purposes, I didn't hook any APIs in my hook dll.
Thank you.
Injecting a DLL to IE10 in App Mode (Windows 8)
Attachment: AppIE.png (93.54 KiB)
Re: Injecting a DLL to IE10 in App Mode (Windows 8)
Looks to be a sandbox issue with IE 10, specifically EPM (enhanced protected mode)... This is just my opinion from first glance, I do not run IE though.
--Iconic
Source: http://www.julien-manici.com/blog/ie10- ... windows-8/
Enters the "Enhanced Protected Mode" (EPM)
As IE10 Metro was marketed as a "no plugin" browser, it was the perfect candidate to implement a more restrictive sandbox.
Here is what it does:
IE tab processes are run in an AppContainer, which is basically the sandbox in which all WinRT applications are run.
It ensures IE always runs as a 64-bit process on x64 architectures, with DEP always enabled
ASLR has more entropy (better than the current ASLR in Windows 7 and web browsers like Chrome which does not yet use it)
Read access to the file system (and registry) is now blocked too (previously, only write access was blocked)
Interprocess communications are blocked, including sockets connections to localhost
--Iconic
Re: Injecting a DLL to IE10 in App Mode (Windows 8)
In order to inject your hook dll into Metro style apps, your hook dll (or its parent folder) must have NTFS security read/execute rights for "ALL_APPLICATION_PACKAGES".
It's also possible that the IE10 sandbox is simply too strict, I don't know for sure.
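The permission requirement from the reply above, as an added example that is not part of the original thread and is not madCodeHook code: a PowerShell check of whether a DLL or folder grants read/execute to ALL APPLICATION PACKAGES (well-known SID S-1-15-2-1), with a grant for when it does not. The function names and the folder path are hypothetical, and the script assumes an elevated PowerShell 3.0 or later session.

```powershell
# Added example, not code from the thread or from madCodeHook.
# S-1-15-2-1 is the well-known SID of "ALL APPLICATION PACKAGES".
$AppPackagesSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-15-2-1'
$Needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-AppPackagesAccess {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited ACEs, identities returned as SIDs. Only ACEs naming
    # ALL APPLICATION PACKAGES are examined; per-package SIDs are not considered.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $granted = [System.Security.AccessControl.FileSystemRights]0
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -ne $AppPackagesSid.Value) { continue }
        if ($r.PropagationFlags -band $inheritOnly) { continue }   # applies to children only
        if ($r.AccessControlType -eq 'Deny') {
            # A Deny ACE covering any needed right blocks the load.
            if ($r.FileSystemRights -band $Needed) { return $false }
        } else {
            $granted = $granted -bor $r.FileSystemRights
        }
    }
    return (($granted -band $Needed) -eq $Needed)
}

function Grant-AppPackagesAccess {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    if (Test-Path -LiteralPath $Path -PathType Container) {
        # On a folder, let the files inside inherit the ACE.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $AppPackagesSid, $Needed, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    } else {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $AppPackagesSid, $Needed, 'Allow')
    }
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$dir = 'C:\Path\To\HookDlls'   # hypothetical placeholder for the folder holding the hook DLLs
if (Test-Path -LiteralPath $dir) {
    if (-not (Test-AppPackagesAccess $dir)) { Grant-AppPackagesAccess $dir }
    Get-ChildItem -LiteralPath $dir -Filter *.dll | ForEach-Object {
        '{0}: {1}' -f $_.Name, (Test-AppPackagesAccess $_.FullName)
    }
}
```

The same ACE can be added with `icacls <folder> /grant "*S-1-15-2-1:(OI)(CI)(RX)"`, which avoids depending on the localized account name.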
Re: Injecting a DLL to IE10 in App Mode (Windows 8)
Thank you madshi!
After modifying folder and dll permission as you suggested, everything works like a charm!
Thank you!