Windows 10 support

c++ / delphi package - dll injection and api hooking

Windows 10 support

Postby nomen » Thu Jul 23, 2015 3:51 pm

Hi all:

Has anyone tried the support for Windows 10?
Is there any problem? Or working properly?

I plan to test my application using https://www.modern.ie/es-es/virtualization-tools but I will not start if there are known bugs ...

Best regards,
nomen
 
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Postby madshi » Tue Jul 28, 2015 9:51 am

On a quick check it seems that madCodeHook works just fine on Windows 10. However, I've just learned today that Microsoft is changing the way driver signing works in Windows 10, which is pretty ugly, as far as I can see. See more details here:

http://www.osr.com/blog/2015/03/18/micr ... indows-10/
https://www.osr.com/blog/2015/07/24/que ... r-signing/

I'm trying to renew my certificate now (must be today, I guess) for 3 years, so that I don't have to deal with the new Windows 10 driver signing crap for 3 years, at least.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Postby nomen » Tue Jul 28, 2015 12:00 pm

Hi Madshi:

Thank you for your answer. It's great to know that there are no major problems!

I have test my application using https://www.modern.ie/es-es/virtualization-tools

Everithing seems to work OK but when I restart the system I receive SYSTEM_SERVICE_EXCEPTION error. Se the image.
I don´t know if it is related but this suggests a relationship https://social.technet.microsoft.com/Fo ... windows-10.

Beste regards,

ErrorW10.jpg
SYSTEM_SERVICE_EXCEPTION
ErrorW10.jpg (20.72 KiB) Viewed 4767 times
nomen
 
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Postby madshi » Tue Jul 28, 2015 2:47 pm

Are you sure this is caused by madCodeHook? Does this only happen if you reboot while the injection is still active? In my tests I didn't run into this problem. However, my demo projects always uninject when you close them.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Postby nomen » Wed Jul 29, 2015 10:22 am

Hi Madshi:

No, I´m not sure this is caused by madCodeHook. I don´t know how can I know te causes of the error. Do you know where is saved the error info?

Yes, in my case, the reboot is with the injection still active. I will make the test uninjecting before the reboot. Maybe I will try it tomorrow, I have not here the PC I use for tests

Thanks for your help!
nomen
 
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Postby madshi » Wed Jul 29, 2015 10:39 am

Well, if the problem only occurs when using your madCodeHook test project and never occurs without it, that would indicate that either madCodeHook itself or something in your test project is causing the issue. So that would be the most important thing to try. If it does look like madCodeHook might be at fault, the next step would be to try to unload the driver before rebooting to see if that changes anything.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Postby nomen » Thu Jul 30, 2015 10:46 pm

Hi Madshi:

I do not know what has happened: I have made a fresh installation of my application on a clean image of Windows 10 and no longer occurs SYSTEM_SERVICE_EXCEPTION error. I restart it about 10 times and no problem.

I saw that the date on which the VMware was created was 2014/10/27. Maybe it is a very preliminar version and it has bugs ....

Someone knows another option to test Windows 10?

I'm sorry I bothered!

Best regards!
nomen
 
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Postby madshi » Thu Jul 30, 2015 10:56 pm

Sounds good. I've not received any complaints from any other user yet. So I guess there don't seem to be any major problems, at least none known at the moment.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Postby nomen » Sat Aug 29, 2015 6:48 pm

Hi Madshi:

Did you finally renew the certificate?
You will create a new version of MadCodeHook you when I get ?

Thanks!
nomen
 
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Postby madshi » Sat Aug 29, 2015 6:52 pm

Renewing the certificate didn't work, I was too late. So I'll have to get an EV certificate when my current one runs out <sigh>.

Currently there's no urgent need for a new madCodeHook build. The official build works fine with Windows 10.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Postby nomen » Sat Aug 29, 2015 6:55 pm

OK, no problem!
Your work is great!
nomen
 
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Postby dcsoft » Tue Sep 08, 2015 6:03 pm

Thanks for verifying we need an EV certificate. Through the [wmaudiodev] mailing list, I have heard that you can get a very good price from DigiCert. The trick is to go via the Microsoft link to get the 50% discount ...
https://msdn.microsoft.com/en-us/library/windows/hardware/hh801887.aspx
leads here:
https://www.digicert.com/friends/sysdev/

-- David
dcsoft
 
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA

Re: Windows 10 support

Postby madshi » Tue Sep 08, 2015 6:07 pm

These are really nice prices - thanks for the heads-up!

If you get all the signing stuff working, maybe you can create a new thread and sum up how it all works? Fortunately I still have some weeks left before my certificate runs out.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Postby dcsoft » Tue Sep 08, 2015 9:12 pm

You're welcome, I'm glad the EV certificate is affordable. :wink:

But I am starting to get a bit worried after reading https://www.osr.com/blog/2015/07/24/questions-answers-windows-10-driver-signing/

Q: I want to create a single driver package that works for Windows 7 through Windows 10. How can I do that? Currently, the sysdev portal only allows you to select Windows 10 Client x86 and Windows 10 Client x64.
James: This is definitely possible, but you need to use the Hardware Compatibility route (that is, you need to pass the HLK tests). By design, the new “attestation” route only supports Windows 10.


So what does it mean, we can't get a single MadCodeHook driver signed that works with Win 7-10? We need to have a separate driver for Win 10 and another one for Win 7-8?


EDIT: In addition:

Peter: How do we sign drivers that are not necessarily traditionally installed with an INF? For example, kernel services (non PnP software only drivers) or certain filter drivers?
James: This is another issue that we’re treating as a bug internally. The Microsoft signing pipelines are inherently reliant on an INF to determine the correct signing behaviors. The best solution I can offer currently is to create a “dummy” INF that the service can use as an anchor to provide the correct signing.



Madshi: would we just put your renameme32.sys and renameme64.sys into a .cab file and add a 'dummy' .inf file? I wonder what goes into the .inf such that "the service can use as an anchor to provide the correct signing."

What kind of driver is this, anyway? It is a kernel mode driver, but what type?

Thanks,
David
dcsoft
 
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA

Re: Windows 10 support

Postby madshi » Wed Sep 09, 2015 6:54 am

I don't really know that answer to these questions myself. But I've had a madCodeHook user go through this recently and he managed to get it to work somehow. At least that was what I understood from his email. I'll contact him and ask for more information.
madshi
Site Admin
 
Posts: 9269
Joined: Sun Mar 21, 2004 5:25 pm

Next

Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 4 guests