MCH v3 - confirmed working in Windows 10 1909?
Posted: Tue Apr 14, 2020 10:35 am
I've got the latest version of MadCodeHook v3 that I've compiled and am running on a Windows 10 x64 1909 VM (note, driver is unsigned - running in test mode). I'm seeing some odd behaviour:
- Using Process Explorer to look at the processes running on the machine and the DLLs they've loaded, my hook DLL is not being injected into any process.
- At the same time, I'm running WinDbg on a host PC against the client VM and getting notifications like "this break indicates this binary is not signed correctly: \Device\HarddiskVolume2\Windows\System32\MyHookDll.dll", which indicates that the driver is at least trying to inject the DLLs.
This same hook DLL, and the code that calls InjectLibrarySystemWide etc, has worked previously on Windows 7, though it's been many years since it's been run.
One thing I should clarify - the notification I'm getting from WinDbg is only for 'protected' Windows binaries, not for regular processes that should have no trouble loading a random DLL.
...any clues?