Metro injection fail because of comctl32

c++ / delphi package - dll injection and api hooking
EaSy

Post by EaSy »

Hi,
we have a problem with injecting our dll into some metro applications (for example "File Bricks" - MediaExplorer.exe). We are using a standard dll for injection on all OSs (XP, Vista, 7, and 8), but discovered a problem with metro. The problem lies within our dll dependencies. Our dll is dependent on shell32.dll and shell32.dll is internally dependent on comctl32.dll and... Comctl32!DllMain fails during the injection. So, I presume that common controls are not allowed to be inside metro apps. Comctl32!DllMain calls GetCurrentPackageId() and it returns ERROR_INSUFFICIENT_BUFFER. But the comctl32 is expecting APPMODEL_ERROR_NO_PACKAGE which leads to failure...

The interesting thing is that MediaExplorer.exe has shell32.dll loaded within itself. Maybe we are probably loading a different dll...

dll loader log:

http://files.uloziste.com/40a639acd8332648/xxx.log

Any ideas how to bypass loading comctl32?
madshi
Site Admin

Re: Metro injection fail because of comctl32

Post by madshi »

Well, that would be hooking rule 4:

http://help.madshi.net/HookingRules.htm

If you look at the HookProcessCreation demo, you'll see that it doesn't link to either shell32 or comctl32:

http://madshi.net/HookProcessCreation.zip

So it seems that your code somehow statically links to shell32. You should be able to avoid that. The first step would be to find out *why* shell32 is linked to.
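
Added example (not part of the thread and not madCodeHook code): one way to take the first step described in the reply above is to read the injected DLL's static import table and see which symbols pull in shell32. The names `static_imports` and `build_sample`, the constructed sample image and its ordinal 100 are assumptions for illustration; PE32+ images are handled as well.

```python
import struct

def static_imports(d):
    """Map each statically imported DLL (lower-cased) to the symbols taken from it."""
    u16 = lambda o: struct.unpack_from("<H", d, o)[0]
    u32 = lambda o: struct.unpack_from("<I", d, o)[0]
    cstr = lambda o: d[o:d.index(b"\0", o)].decode("ascii")
    pe = u32(0x3C)
    if d[:2] != b"MZ" or d[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24
    width, fmt, dirs = (4, "<I", opt + 96) if u16(opt) == 0x10B else (8, "<Q", opt + 112)
    secs = [struct.unpack_from("<4I", d, opt + u16(pe + 20) + 40 * i + 8)
            for i in range(u16(pe + 6))]           # (vsize, vaddr, rawsize, rawptr)
    def off(rva):                                  # RVA -> file offset
        for vsize, vaddr, rsize, rptr in secs:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + rptr
        raise ValueError(f"RVA {rva:#x} is outside every section")
    rva = u32(dirs + 8) if u32(dirs - 4) > 1 else 0    # import directory, if any
    out, desc = {}, off(rva) if rva else 0
    while desc and u32(desc + 12):                 # a zero Name RVA ends the table
        syms = out.setdefault(cstr(off(u32(desc + 12))).lower(), [])
        thunk = off(u32(desc) or u32(desc + 16))   # INT, or the IAT if there is no INT
        while t := struct.unpack_from(fmt, d, thunk)[0]:   # top bit set: by ordinal
            syms.append(f"#{t & 0xFFFF}" if t >> (width * 8 - 1)
                        else cstr(off(t & 0x7FFFFFFF) + 2))
            thunk += width
        desc += 20
    return out

def build_sample():
    """Constructed PE32 skeleton (headers + one import section), not a loadable DLL."""
    img = bytearray(0x240)                         # headers + 3 import descriptors
    for f, at, *v in [("<2s", 0, b"MZ"), ("<I", 0x3C, 0x40), ("<4s", 0x40, b"PE\0\0"),
                      ("<HH", 0x44, 0x14C, 1), ("<H", 0x54, 224), ("<H", 0x58, 0x10B),
                      ("<I", 0xB4, 16), ("<I", 0xC0, 0x1000),
                      ("<4I", 0x140, 0x200, 0x1000, 0x200, 0x200)]:
        struct.pack_into(f, img, at, *v)           # header fields and section entry
    def put(blob):                                 # append blob + zero terminator
        img.extend(blob + bytes(4))
        return len(img) - len(blob) - 4 + 0xE00    # file 0x200 maps to RVA 0x1000
    dlls = [(b"SHELL32.dll", [b"SHGetFolderPathW", 100]),   # 100: constructed ordinal
            (b"KERNEL32.dll", [b"CreateFileW", b"CloseHandle"])]
    for i, (dll, funcs) in enumerate(dlls):
        int_ = b"".join(struct.pack("<I", put(b"\0\0" + f) if isinstance(f, bytes)
                                    else 0x80000000 | f) for f in funcs)
        struct.pack_into("<5I", img, 0x200 + 20 * i, put(int_), 0, 0, put(dll), 0)
    return bytes(img.ljust(0x400, b"\0"))
```

For a real build, pass the bytes of your own DLL to `static_imports` and look at the symbols listed under `shell32.dll`. Delay-load imports live in a separate data directory and are not listed here.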