Windows XP - Injection doesn't work
Recently, when we tried injection on Windows XP using MadCodeHook, we confirmed that injection fails with very high probability.
OS: Windows XP SP3
MCH : madCollection 2.8.8.9(beta)
Symptom 1: It is not injected into the processes already in place, but is then injected into the processes that are executed (though it fails irregularly).
=> For example, firefox.exe: failed, notepad+.exe: succeeded, conemu.exe: succeeded
Symptom 2: No injections into the processes already in place, and few injections into the processes that are subsequently executed
The DLL/SYS file used was attached to a link; driver name => iMonLOPE1021
p.s: There has been no official update for a year, is there an update schedule?
https://drive.google.com/file/d/1YtblZG ... sp=sharing
Re: Windows XP - Injection doesn't work
Hello,
What flags are you using for InjectLibrary()?
—Iconic
Re: Windows XP - Injection doesn't work
I use the options below:
all session
system process include
running process include injection
no include mask
some exclude mask( smss.exe wininit.exe etc.... )
Re: Windows XP - Injection doesn't work
This is only happening on XP? Have you tested above XP?
—Iconic
Re: Windows XP - Injection doesn't work
There's going to be a new update pretty soon, but there are no changes planned for XP atm. Nobody else reported injection problems on XP so far, from what I recall.
Please try giving "Everyone" NTFS read&execute rights to the hook dll, just as a quick test.
Re: Windows XP - Injection doesn't work
Yes, this is only Windows XP.
Vista ~ Windows 10 work well (both x86 and x64).
Below are the options which I use:
isInjectToSystemProcesses = true
ispermanent = false
isinjectometroapps = true
isuseIATPatching = false
isSystemWide = true
IncludeMask = *
ExcludeMask = GetModuleList-x64.exe|iMonLope_SVC.exe|*\windows\incops3\ictray64.exe|iMonLope_UI-DBG.exe|*\windows\incops3\icdi.exe|*\windows\incops3\icdcmgr64.exe|*\windows\incops3\incops3.exe|iMonTerminator.exe|*\windows\incops3\icdi64.exe|GetActiveXInfos-x64.exe|*\windows\incops3\icdcmgr.exe|*\windows\incops3\ictray.exe|xcacls.exe|iMonInjector-x86.exe|iMonLope_UI.exe|iMonInjector-x64.exe|*\windows\incops3\ictrigger64.exe|*\windows\incops3\ictrigger.exe|*\windows\incops3\esshmwow.exe|*\windows\incops3\incops364.exe|*\windows\incops3\icview.exe|
Re: Windows XP - Injection doesn't work
Thanks for the additional info. If you have some time, can you try clearing the include and exclude masks? Simply don't set them at all. I'm curious to see whether your problem disappears without inclusions and exclusions. Thanks
—Iconic
Re: Windows XP - Injection doesn't work
And I tested with any include mask / exclude mask setting on Windows XP.
And the same result.
Re: Windows XP - Injection doesn't work
Ok,
I'll attempt to reproduce the issue this weekend and will get back with you as soon as possible. Which version of MCH are you using and also what language (c++ or Delphi)?
--Iconic
Re: Windows XP - Injection doesn't work
I use MSVC 2015 with Update 3 (C++), and MCH 4.1.2+ (MCH beta, madCollection 2.8.8.9, because of approvalcallback)
Re: Windows XP - Injection doesn't work
Hello,
I had some time today to run the XP test with MCH system-wide injection and everything worked as expected here. I used the exact same OS version, madCollection beta version as well as MSVC version (2015 Community Edition). Already running processes were properly injected and any newly created processes were also injected just fine for me. I ran the following series of tests:
[1] Regular injection (no approval callback)
[2] IAT injection (no approval callback)
[3] Regular injection + Approval callback
[4] IAT injection + Approval callback
Can you please upload and link us to a complete vcproj that you've created?
--Iconic