We have been using 3.1.13 Madshi Driver for system wide injection and recently upgraded to 3.1.18. Post upgrading with one of our customer following is observed.
Driver does not get injected for the application which are launched on double click (i.e. Explore.exe to AcroRd2.exe). For eg, it does not get injected in Adobe Reader if Adobe reader is launcher through double click. (In process explorer we can see explorer.exe is a parent process of AcroRd32.exe)
Works fine if Adobe is started through command prompt (i.e Explore.exe to cmd.exe to AcroRd2.exe).
With 3.1.13 everything works fine at customer end, in both the above case. But in our lab it works fine with both version (3.1.13 &3.1.18).
Customer is having this issue on multiple machines.
We have not been able to identify what could be causing this at customer end. Could you please throw some lights on this? Thanks for help.
I can certainly try to reproduce this odd behavior on my end by downgrading MCH to v3.x and installing Acrobat in order to run some tests. Quick few questions for you, what OS version and Acrobat version is the customer using?
I've downgraded from MCH 4.x to 3.1.8 and have Adobe Acrobat DC installed on a VM running Windows 10 x64 17763, oddly enough it's the same build I run my HLK tests on so I already had it installed.
I'll run some tests today and report back. Thanks for the additional info
My tests are complete, I share the same result as your lab. I didn't experience the issue whatsoever and duplicated the same OS environment, application of interest and MCH version. Perhaps there isWith 3.1.13 everything works fine at customer end, in both the above case. But in our lab it works fine with both version (3.1.13 &3.1.18).
something specific about the user's software profile causing conflict? Hard to say, merely speculating. Explorer however is a fine target for other hooking, especially for operations such
as controlling shell actions (copy, move, rename, delete etc.) so it's possible there is some sort of application level interference specifically with this process when creating child processes.
Again, merely speculation though.