Page 1 of 1

Edge goes high CPU when injected via user-mode

PostPosted: Thu Jan 11, 2018 11:47 pm
by choochy2003
I have an issue at the moment, on some Windows 10 Fall Creators Update machines, where after our DLL is injected into Microsoft Edge it uses a really high amount of CPU (between 80-100%). This happens via the user-mode injection when Edge is already started and we start our product. If Edge starts later and the kernel injection kicks in, it does not have a problem.

The strange thing is that this behaviour does not happen on all similar systems, and looking at ProcMon Edge is in a loop access a set of registry keys. Where it normally accesses a few hundred registry values without our DLL injected, it is access the same 20 values millions of times a minute, which is where I think the CPU usage might be coming from.

The versions of our product's that I can reproduce this issue with, span back a number of MadCodeHook releases, so its nothing new.

Just wondering if anyone else has seen a similar issue?

Re: Edge goes high CPU when injected via user-mode

PostPosted: Fri Jan 12, 2018 2:53 am
by choochy2003
It looks like it might not specifically have to do with just the injection itself. If I disable all the hooks inside the DLL, the issue also doesn't occur. However, it doesn't matter which API I hook, hooking any single API will cause this issue. So its a combination of a user-mode injected DLL hooking any API.

Re: Edge goes high CPU when injected via user-mode

PostPosted: Fri Jan 12, 2018 8:18 am
by madshi
I've never seen any issue like this. Which registry keys is it accessing again and again in a loop, and do you happen to have a thread callstack?

I suppose you've already tested with the latest madCodeHook builds (released late December 2017)?

Might make sense to double check with one of the demo projects compiled by me, just to make extra sure it's unrelated to your specific code and your linker/compiler settings etc:

http://madshi.net/PrintMonitor.zip