MCH3: Chrome and MIXTURE_MODE

c++ / delphi package - dll injection and api hooking

Post by EaSy » Tue Jan 03, 2017 8:21 am

Hi,
originally I investigated an issue with Bitdefender and Chrome failing to start while hooking NtOpenProcess or NtCreateFile. Later I realized that Bitdefender does nothing bad. Its hooks are just forcing MCH to use MIXTURE_MODE instead of default hooking. Once I disabled Bitdefender and set the MIXTURE_MODE flag to force mixture mode, Chrome fails to start again, showing only black tabs. There is definitely a problem in Chrome while using MCH's MIXTURE_MODE.

It looks like everything was successful, the import and export tables are all patched, but somehow Chrome doesn't load properly. What is wrong?
All I know is that the problem is happening in the MAIN Chrome process. The other Chrome child subprocesses seem to be OK with MIXTURE_MODE. :?
Our testing hooks are only using minimum code like return orig(params).
I am using W10 x64, but I think that the OS is not important.
I am using the latest beta version of MCH3 downloaded from viewtopic.php?f=7&t=28273.

I was able to do a workaround using FOLLOW_JMP. It helps to bypass Bitdefender's jmp hooks that cause MIXTURE_MODE to be used. But that is not a permanent solution, or is it? :)

Can you try to look into this? Do you need more info? Thx.

PP
EaSy
 
Posts: 125
Joined: Tue Oct 23, 2012 12:33 pm

Re: MCH3: Chrome and MIXTURE_MODE

Post by madshi » Tue Jan 03, 2017 1:29 pm

I'm actually considering switching to FOLLOW_JMP by default. I've not done that yet because there are some further tweaks planned for FOLLOW_JMP to make it even better than it already is, and I didn't want to change a solution which seemed to work decently in the past with a new solution which might not have been tested as much yet. But I know that several madCodeHook users are already using FOLLOW_JMP and it works well for them. So IMHO you can simply switch to FOLLOW_JMP and be done with it.

The main problem with FOLLOW_JMP is that you're not hooking the target API anymore, but the other hooking library's callback function. Which means that if the other hooking library unhooks, your hooks will not work any longer, either. Other than that, FOLLOW_JMP should work pretty well...
madshi
Site Admin
 
Posts: 9142
Joined: Sun Mar 21, 2004 5:25 pm
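
The reply above describes FOLLOW_JMP as ending up on the other library's callback instead of the target API. The sketch below is an added example, not part of the thread and not madCodeHook code: it resolves where a jmp-patched prologue leads so a hooked entry point can be detected, and shows that once the prologue is restored the resolved address is the API itself again. The memory image, offsets and function names are constructed for illustration, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { API = 0x00, STUB = 0x40, IMG = 0x80 };   /* constructed layout */

/* Decode one x86-64 jump at offset `off` of a memory image (little-endian host).
 * Handles E9 rel32, EB rel8 and FF 25 disp32 (RIP-relative indirect).
 * Returns 1 and stores the destination offset in *dst, else 0. */
static int decode_jmp(const uint8_t *img, size_t size, size_t off, size_t *dst)
{
    int32_t rel; uint64_t ptr; int64_t t;
    if (off + 2 > size) return 0;
    if (img[off] == 0xE9 && off + 5 <= size) {
        memcpy(&rel, img + off + 1, 4);
        t = (int64_t)off + 5 + rel;
    } else if (img[off] == 0xEB) {
        t = (int64_t)off + 2 + (int8_t)img[off + 1];
    } else if (img[off] == 0xFF && img[off + 1] == 0x25 && off + 6 <= size) {
        memcpy(&rel, img + off + 2, 4);
        t = (int64_t)off + 6 + rel;              /* slot that holds the pointer */
        if (t < 0 || (uint64_t)t + 8 > size) return 0;
        memcpy(&ptr, img + t, 8);
        t = (int64_t)ptr;                        /* image-relative in this model */
    } else return 0;
    if (t < 0 || (uint64_t)t >= size) return 0;
    *dst = (size_t)t;
    return 1;
}

/* Follow jumps from `entry` to the first non-jump; max_hops bounds jump loops. */
static size_t follow_jmps(const uint8_t *img, size_t size, size_t entry, int max_hops)
{
    size_t next;
    while (max_hops-- > 0 && decode_jmp(img, size, entry, &next)) entry = next;
    return entry;
}

/* Constructed image: syscall-style prologue at API; hooked=1 patches it to E9 -> STUB. */
static void build_image(uint8_t *img, int hooked)
{
    static const uint8_t orig[5] = {0x4C, 0x8B, 0xD1, 0xB8, 0x26};
    int32_t rel = STUB - (API + 5);
    memset(img, 0xCC, IMG);
    memcpy(img + API, orig, 5);
    if (hooked) { img[API] = 0xE9; memcpy(img + API + 1, &rel, 4); }
    img[STUB] = 0x55;                            /* push rbp: first stub instruction */
}
```

With the prologue patched, `follow_jmps` resolves to `STUB`; after the bytes are restored it resolves to `API`, so anything installed at `STUB` is no longer on the call path.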

Re: MCH3: Chrome and MIXTURE_MODE

Post by EaSy » Wed Jan 04, 2017 7:46 am

OK,
we will use FOLLOW_JMP in this case.

Do you plan to check why MIXTURE_MODE breaks Chrome startup?

PP
EaSy
 
Posts: 125
Joined: Tue Oct 23, 2012 12:33 pm

Re: MCH3: Chrome and MIXTURE_MODE

Post by madshi » Wed Jan 04, 2017 8:59 am

I'm not sure if I need to, cause MIXTURE_MODE will probably be disabled in the near future.
madshi
Site Admin
 
Posts: 9142
Joined: Sun Mar 21, 2004 5:25 pm

