Edge Code Injection
Re: Edge Code Injection
Oh well. Could it be that some debugging stuff (e.g. Application Verifier) or some extra aggressive security software (e.g. Microsoft's EMET) is active on that VM? Or maybe there's another hooking library active which collides with madCodeHook in some way?
Re: Edge Code Injection
I think this issue is not closed. On a Win10 64-bit computer my system-wide hook dll was successfully injected into all processes except microsoftedgecp.exe. When I start Microsoft Edge, Process Explorer shows me one MicrosoftEdge.exe and two MicrosoftEdgeCP.exe processes. MicrosoftEdge.exe and the first MicrosoftEdgeCP.exe loaded my injection dll. But the second MicrosoftEdgeCP.exe can't load it. I really want to know whether hooking (socket APIs) is still available in the MS Edge browser?
Re: Edge Code Injection
It might have been better to start a new thread instead of reviving a 2 year old thread which may or may not be related.
Anyway.
1) Do you start injection first, and Edge afterwards? Or the other way round?
2) Does your hook dll have NTFS read/execute rights for "ALL APPLICATION PACKAGES"?
Re: Edge Code Injection
Hi madshi, here is the summary
* I have a service running (signed with EV cert).
* My hook dll is under System32 (signed with same cert)
* Injection is started on windows boot.
* I start Edge.
* In Process Explorer I can see one MicrosoftEdge.exe process and two MicrosoftEdgeCP.exe processes.
* My dll was successfully injected into MicrosoftEdge.exe and one of the MicrosoftEdgeCP.exe processes. The other MicrosoftEdgeCP.exe was not injected.
* Dll has ALL APPLICATION PACKAGES read and read/execute rights.
* Microsoft Edge 38.14393.0.0
* Microsoft EdgeHTML 14.14393
* Windows 10 Pro 1607, 14393.693 64bit
Note: My dll calls OutputDebugString before starting the hook functions (xxxx.exe injected). In DbgView I can see messages from injected processes except MicrosoftEdgeCP.exe and MicrosoftEdge.exe
Re: Edge Code Injection
Neither your driver nor your hook dll have to be in system32. I'd recommend to keep both in your installation directory, to keep things cleaner. But that's got nothing to do with the problem.
Can you please double check if the same problem also occurs with these two demo projects?
http://madshi.net/PrintMonitor.zip
http://madshi.net/PrintMonitor40.zip
Re: Edge Code Injection
Hi mad.
I tried both demos on my home computer (win10 home). 2 MicrosoftEdgeCP.exe and one MicrosoftEdge.exe process were successfully injected. While testing print preview with Chrome I can get log messages on print monitor. But no log messages for the MS Edge preview screen. I will test it with a printer tomorrow.
Re: Edge Code Injection
So injection completely succeeds with both demos? In that case the big question is why it succeeds with the demos, but not with your real project. Maybe you can compare the source code to try to find out?