MCH v3 - confirmed working in Windows 10 1909?

c++ / delphi package - dll injection and api hooking
smask
Posts: 3
Joined: Tue Apr 07, 2020 11:39 am

MCH v3 - confirmed working in Windows 10 1909?

Post by smask »

I've got the latest version of MadCodeHook v3 that I've compiled and am running on a Windows 10 x64 1909 VM (note, driver is unsigned - running in test mode). I'm seeing some odd behaviour:

- Using Process Explorer to look at the processes running on the machine and the DLLs they've loaded, my hook DLL is not being injected into any process.

- At the same time, I'm running WinDbg on a host PC against the client VM and getting notifications like "this break indicates this binary is not signed correctly: \Device\HarddiskVolume2\Windows\System32\MyHookDll.dll", which indicates that the driver is at least trying to inject the DLLs.

This same hook DLL, and the code that calls InjectLibrarySystemWide etc, has worked previously on Windows 7, though it's been many years since it's been run.

One thing I should clarify - the notification I'm getting from WinDbg is only for 'protected' Windows binaries, not for regular processes that should have no trouble loading a random DLL.

...any clues?
smask
Posts: 3
Joined: Tue Apr 07, 2020 11:39 am

Re: MCH v3 - confirmed working in Windows 10 1909?

Post by smask »

Please disregard - the hook DLL was failing at the LoadLibrary call due to some code in DllMain() that doesn't work in Windows 10.
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: MCH v3 - confirmed working in Windows 10 1909?

Post by iconic »

Thanks for following back up. Glad to hear your issue is resolved and doesn't directly relate to MCH :D

--Iconic