MCH v3 - confirmed working in Windows 10 1909?

c++ / delphi package - dll injection and api hooking

Post by smask » Tue Apr 14, 2020 10:35 am

I've got the latest version of MadCodeHook v3 that I've compiled and am running on a Windows 10 x64 1909 VM (note, driver is unsigned - running in test mode). I'm seeing some odd behaviour:

- Using Process Explorer to look at the processes running on the machine and the DLLs they've loaded, my hook DLL is not being injected into any process.

- At the same time, I'm running WinDbg on a host PC against the client VM and getting notifications like "this break indicates this binary is not signed correctly: \Device\HarddiskVolume2\Windows\System32\MyHookDll.dll", which indicates that the driver is at least trying to inject the DLLs.

This same hook DLL, and the code that calls InjectLibrarySystemWide etc, has worked previously on Windows 7, though it's been many years since it's been run.

One thing I should clarify - the notification I'm getting from WinDbg is only for 'protected' Windows binaries, not for regular processes that should have no trouble loading a random DLL.

...any clues?
smask
 
Posts: 3
Joined: Tue Apr 07, 2020 11:39 am

Re: MCH v3 - confirmed working in Windows 10 1909?

Post by smask » Tue Apr 14, 2020 12:51 pm

Please disregard - the hook DLL was failing at the LoadLibrary call due to some code in DllMain() that doesn't work in Windows 10.
smask
 
Posts: 3
Joined: Tue Apr 07, 2020 11:39 am

Re: MCH v3 - confirmed working in Windows 10 1909?

Post by iconic » Tue Apr 14, 2020 6:40 pm

Thanks for following back up. Glad to hear your issue is resolved and doesn't directly relate to MCH :D

--Iconic
iconic
Site Admin
 
Posts: 966
Joined: Wed Jun 08, 2005 5:08 am

