MCH 4 Chrome & Follow_jmp
Posted: Wed Mar 01, 2017 5:00 pm
Hi everyone,
Mch4 on Windows 10 (Anniversary, with Secure Boot disabled) has the same behavior described in the thread viewtopic.php?f=7&t=28319
If the antivirus (Symantec Endpoint Protection 12.1.16) and Chrome (56.0.2924.87 (Official build) (64 bits)) are present, the FOLLOW_JMP flag resolves the issue of black tabs. The problem is with the uninject method: it leaves some threads injected. I have tried the uninjectcallback with the same results. With WinDbg I can see that DLL_PROCESS_DETACH is not called in these threads...
Could it be the limit of 10 jumps in FOLLOW_JMP?