I've got the latest version of MadCodeHook v3 that I've compiled and am running on a Windows 10 x64 1909 VM (note, driver is unsigned - running in test mode). I'm seeing some odd behaviour:
- Using Process Explorer to look at the processes running on the machine and the DLL's they've loaded, my hook DLL is not being injected into any process.
- At the same time, I'm running WinDbg on a host PC against the client VM and getting notifications like "this break indicates this binary is not signed correctly: \Device\HarddiskVolume2\Windows\System32\MyHookDll.dll", which indicates that the driver is at least trying to inject the DLL's.
This same hook DLL, and the code that calls InjectLibrarySystemWide etc, has worked previously on Windows 7, though it's been many years since it's been run.
One thing I should clarify - the notification I'm getting from WinDbg is only for 'protected' Windows binaries, not for regular processes that should have no trouble loading a random DLL.
...any clues?
MCH v3 - confirmed working in Windows 10 1909?
Re: MCH v3 - confirmed working in Windows 10 1909?
Please disregard - the hook DLL was failing at the LoadLibrary call due to some code in DllMain() that doesn't work in Windows 10.
Re: MCH v3 - confirmed working in Windows 10 1909?
Thanks for following back up. Glad to hear your issue is resolved and doesn't directly relate to MCH
--Iconic
--Iconic