Problem : Inject my dll into 32bit process in win 8.1 x64

c++ / delphi package - dll injection and api hooking
Post Reply
star114
Posts: 6
Joined: Tue Mar 25, 2014 6:48 am

Problem : Inject my dll into 32bit process in win 8.1 x64

Post by star114 »

using LoadInjectionDriver ->InjectLibraryW,
inject my dll into 32 bit process in win 8.1 x64.

I Found Some Problems. (8.1 x64)
1.
Injections into some processes don't work.
Metro Apps (64 bit) - Normal.
Metro Apps (32 bit) - Inject Failed. (Ex: Genie( korean music player), Frozen Free Fall,,, and so on.) (downloaded in windows appstore)
MSBuild.exe( Visual studio Create these processes building a solutions., 32bit) - Inject Failed. ( Specially, also 7x64 )
Other Normal Apps (64 bit & 32 bit) - Normal.

InjectLibrary32 -> InjectLibraryOld32 -> ReadProcessMemory
ReadProcessMemory Function Failed with Error code 0x8000000D(STATUS_PARTIAL_COPY)

2.
When Using SetInjectionMethod(true) (newinejctionmethod)
InitInjectLibrary is called twice.
UseNewInjectionMethod Value Reinitialized when second call. InitInjectLibrary ->(My)SetInjectionMethod -> 2nd InitInjectLibrary
thus, always InjectLibraryOld32 called.


thanks. :D
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by madshi »

Some questions/tips:

(1) Are you using the latest madCodeHook version (3.1.6)?
(2) Please try giving execute/read NTFS rights for Everyone to your hook dll. Although I don't think this will help cause you've got no problems in 64bit.
(3) Make sure you've called InitializeMadCHook() in both your exe and your hook dll before calling any madCodeHook APIs.
(4) Have you tried on a clean 8.1 x64 VM?

If that doesn't help, please try one of these demos to double check if the problem also occurs with the demos:

http://madshi.net/HookProcessCreation.zip
http://madshi.net/PrintMonitor.zip

Please don't recompile the demos (at first), so you can check if the demos as compiled by me work ok or not. If they work fine, then you can try recompiling them and check if they still work fine. If they do, then there must be something different about your own project which makes it stop working. In that case you can compare the demos to your own project to hopefully find out what the problem is. If the demo doesn't work after you recompiled it, then something might be wrong with your compilation/signing process. If the original demo (compiled by me) has the same problems on your PC then this might be a real bug in madCodeHook, or maybe some sort of conflict with some other software running on your PC.
star114
Posts: 6
Joined: Tue Mar 25, 2014 6:48 am

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by star114 »

Thank you for your rely.

(1) I'm using 3.1.5 now. but, i already checked 3.1.6 version. it was same.
(2) my hook dll has Execute/Read NTFS rights already.
(3) InitializeMadCHook() is called before using madCodeHook APIs.
(4) yes. Clean VM. and when I tried on real PC, same problems occured.

I tried Your deomos.
HookProcessCreation & PrintMonitor.
All of those are not working.
HookProcessCreation32.dll and HookPrintAPIs32.dll, are not injected in Genie.exe , Template.exe, Melon.exe .. etc. (All Those are Metro Apps (32bit))

Can I check anything else? :cry:

Additionally, your dlls are not injected some other processes. (ex. rpcss service process (svchost.exe), eventlog service process(svchost.exe)....etc..)
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by madshi »

Oh, Metro apps. You need to add "ALL_APPLICATION_PACKAGES" NTFS access right to your hook dll, afterwards injection should work.
star114
Posts: 6
Joined: Tue Mar 25, 2014 6:48 am

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by star114 »

I already checked "all application packages" access right. my dll has "all application packages" Execute/Read right.
Do I must have any different access rights??

Especially, my 64bit dll injected into MetroApps(64bit apps). (64bit dll is almost same as 32bit dll)
star114
Posts: 6
Joined: Tue Mar 25, 2014 6:48 am

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by star114 »

OMG!

I;m sorry.
Problems have occurred because I changed your code somewhere for Test.


Thank you, your relies!!!
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by madshi »

So everything's working fine now?
star114
Posts: 6
Joined: Tue Mar 25, 2014 6:48 am

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by star114 »

Yes. it's perfect!
Thank you for your help.!
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem : Inject my dll into 32bit process in win 8.1 x6

Post by madshi »

Glad to hear that, and you're welcome.
Post Reply