madshi.net

Hi,

Any idea on support for Windows 11? Looks like there are a lot of security updates which may affect hooking.

m

Do you have a link which describes those security updates? I've most only seen GUI improvements being mentioned, and cutting of old hardware support and cutting of 32bit support.

I am not a security expert but here are a few links where they make mention of it


https://www.microsoft.com/security/blog ... the-cloud/

https://blogs.windows.com/windows-insid ... uirements/

https://www.thewindowsclub.com/new-secu ... windows-11

https://www.tomsguide.com/news/windows- ... w-to-check

Some/most of these things are already available in Windows 10 to some extent. E.g. TPM 2.0 and SecureBoot are already supported by Windows 10, just not required. But I don't think they have any effect on madCodeHook. Except that SecureBoot randomly comes with the requirement to use EV certificates for driver signing.

They mention hardware-enforced stack protection, by which they probably mean CET, but that's already included in the latest Windows 10 build, and madCodeHook has recently been updated to support CET.

They mention a "Microsoft Pluton security processor", no idea what that is and whether it would impact madCodeHook in any way.

"Secured-core PCs" sounds like a protection for the BIOS etc, which is "nice", but doesn't have anything to do with madCodeHook.

Overall, I'm not too scared just yet, but let's wait and see.

I have tested our product on the latest Windows 11 Insider Preview build and the injection, hooking & IPC all seem to work as expected.

Sounds good, thanks for the heads-up.

Also, to aid in testing without needing Microsoft Certification for every build (although you still need the drivers signed by an EV code signing), you can bypass the Secure Boot check in Windows 11. That is how I run my test builds under Windows 11.

Follow these instructions to bypass the Secure Boot check:

• Open Registry Editor.

• Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\Setup.

• From the left-hand side right-click on the Setup registry key and choose New > key and name it as “LabConfig”.

• Next right click on the LabConfig registry key and choose New > DWORD (32-bit value) and name it as BypassSecureBootCheck DWORD.

• Double click on the BypassSecureBootCheck DWORD and set the value as 1 and click on OK.

• Now restart the system and try and run your DLL injection process.

Great - thanks!