I've built software that hooks WinInet in Microsoft Edge using madCodeHook. This worked fine until the new Windows 10 update, where it seems like Edge won't accept any third-party DLLs anymore. I've found this blog post regarding the issue:
http://blogs.windows.com/msedgedev/2015 ... integrity/
They describe that:
"Starting with EdgeHTML 13, Microsoft Edge defends the user’s browsing experience by blocking injection of DLLs into the browser unless they are Windows components or signed device drivers. DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. “Microsoft-signed” allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work."
I've had a deeper look at what's happening. I noticed that my DLL stays loaded in the main process MicrosoftEdge.exe but not in the renderer processes MicrosoftEdgeCP.exe.
When loading the module in the renderer process I notice this:
ModLoad: 754f0000 7551f000 C:\WINDOWS\system32\IMM32.DLL
inetcore\lib\codeintegrity\edgecipolicy.cxx(363)\MicrosoftEdgeCP.exe!00C44766: (caller: 00C43DD1) FailFast(1) tid(1078) 8000FFFF Schwerwiegender Fehler
(7e8.1078): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
*** ERROR: Module load completed but symbols could not be loaded for MicrosoftEdgeCP.exe
eax=00000001 ebx=00c44700 ecx=00000007 edx=00000000 esi=00000004 edi=00000000
eip=00c45977 esp=0014e680 ebp=0014fb50 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
MicrosoftEdgeCP+0x5977:
00c45977 cd29 int 29h
0:000> g
WARNING: Continuing a non-continuable exception
>>>>>>> ModLoad: 64950000 649b7000 C:\Program Files\MyPath\MyDLL.dll <<<<<<<<<<<<
ModLoad: 753e0000 75472000 C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 73dd0000 73df8000 C:\WINDOWS\SYSTEM32\ntmarta.dll
(7e8.1078): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
eax=00000001 ebx=00c44700 ecx=00000007 edx=00000000 esi=00000004 edi=00000000
eip=00c45977 esp=0014e680 ebp=0014fb50 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
MicrosoftEdgeCP+0x5977:
00c45977 cd29 int 29h
It seems like the codeintegrity check refuses MyDLL.
- Do you see any possibility to get a DLL injected with the new changes in Edge?
- Do you have any idea what I could try to get it injected?
- Would it be an option to get the DLL WHQL signed? They mention that WHQL signed binaries will still be accepted, but I have no experience with WHQL.