Page 1 of 1

Driver injection fails for the apps if launched via explorer

Posted: Mon Dec 30, 2019 7:56 am
by shibliseclore
Hi,

We have been using 3.1.13 Madshi Driver for system wide injection and recently upgraded to 3.1.18. Post upgrading with one of our customer following is observed.

Driver does not get injected for the application which are launched on double click (i.e. Explore.exe to AcroRd2.exe). For eg, it does not get injected in Adobe Reader if Adobe reader is launcher through double click. (In process explorer we can see explorer.exe is a parent process of AcroRd32.exe)
Works fine if Adobe is started through command prompt (i.e Explore.exe to cmd.exe to AcroRd2.exe).

With 3.1.13 everything works fine at customer end, in both the above case. But in our lab it works fine with both version (3.1.13 &3.1.18).

Customer is having this issue on multiple machines.

We have not been able to identify what could be causing this at customer end. Could you please throw some lights on this? Thanks for help.

Re: Driver injection fails for the apps if launched via expl

Posted: Mon Dec 30, 2019 4:53 pm
by iconic
Hello,

I can certainly try to reproduce this odd behavior on my end by downgrading MCH to v3.x and installing Acrobat in order to run some tests. Quick few questions for you, what OS version and Acrobat version is the customer using?

--Iconic

Re: Driver injection fails for the apps if launched via expl

Posted: Thu Jan 02, 2020 9:00 am
by shibliseclore
Adobe Reader version is Adobe Reader DC. OS Name Microsoft Windows 10 Enterprise Version 10.0.17763 Build 17763

Re: Driver injection fails for the apps if launched via expl

Posted: Fri Jan 03, 2020 4:11 am
by iconic
Thanks. Is that Win 10 x64 or 32-bit?

—Iconic

Re: Driver injection fails for the apps if launched via expl

Posted: Tue Jan 07, 2020 10:32 am
by shibliseclore
It is x64.

Re: Driver injection fails for the apps if launched via expl

Posted: Wed Jan 08, 2020 6:04 pm
by iconic
Hello,

I've downgraded from MCH 4.x to 3.1.8 and have Adobe Acrobat DC installed on a VM running Windows 10 x64 17763, oddly enough it's the same build I run my HLK tests on so I already had it installed.
I'll run some tests today and report back. Thanks for the additional info

--Iconic

Re: Driver injection fails for the apps if launched via expl

Posted: Thu Jan 09, 2020 7:07 pm
by iconic
With 3.1.13 everything works fine at customer end, in both the above case. But in our lab it works fine with both version (3.1.13 &3.1.18).
My tests are complete, I share the same result as your lab. I didn't experience the issue whatsoever and duplicated the same OS environment, application of interest and MCH version. Perhaps there is
something specific about the user's software profile causing conflict? Hard to say, merely speculating. Explorer however is a fine target for other hooking, especially for operations such
as controlling shell actions (copy, move, rename, delete etc.) so it's possible there is some sort of application level interference specifically with this process when creating child processes.

Again, merely speculation though.

--Iconic