Windows 10 support

c++ / delphi package - dll injection and api hooking
nomen
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Windows 10 support

Post by nomen »

Hi all:

Has anyone tried the support for Windows 10?
Is there any problem? Or working properly?

I plan to test my application using https://www.modern.ie/es-es/virtualization-tools but I will not start if there are known bugs ...

Best regards,
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

On a quick check it seems that madCodeHook works just fine on Windows 10. However, I've just learned today that Microsoft is changing the way driver signing works in Windows 10, which is pretty ugly, as far as I can see. See more details here:

http://www.osr.com/blog/2015/03/18/micr ... indows-10/
https://www.osr.com/blog/2015/07/24/que ... r-signing/

I'm trying to renew my certificate now (must be today, I guess) for 3 years, so that I don't have to deal with the new Windows 10 driver signing crap for 3 years, at least.
nomen
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Post by nomen »

Hi Madshi:

Thank you for your answer. It's great to know that there are no major problems!

I have test my application using https://www.modern.ie/es-es/virtualization-tools

Everithing seems to work OK but when I restart the system I receive SYSTEM_SERVICE_EXCEPTION error. Se the image.
I don´t know if it is related but this suggests a relationship https://social.technet.microsoft.com/Fo ... windows-10.

Beste regards,
SYSTEM_SERVICE_EXCEPTION
SYSTEM_SERVICE_EXCEPTION
ErrorW10.jpg (20.69 KiB) Viewed 26790 times
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

Are you sure this is caused by madCodeHook? Does this only happen if you reboot while the injection is still active? In my tests I didn't run into this problem. However, my demo projects always uninject when you close them.
nomen
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Post by nomen »

Hi Madshi:

No, I´m not sure this is caused by madCodeHook. I don´t know how can I know te causes of the error. Do you know where is saved the error info?

Yes, in my case, the reboot is with the injection still active. I will make the test uninjecting before the reboot. Maybe I will try it tomorrow, I have not here the PC I use for tests

Thanks for your help!
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

Well, if the problem only occurs when using your madCodeHook test project and never occurs without it, that would indicate that either madCodeHook itself or something in your test project is causing the issue. So that would be the most important thing to try. If it does look like madCodeHook might be at fault, the next step would be to try to unload the driver before rebooting to see if that changes anything.
nomen
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Post by nomen »

Hi Madshi:

I do not know what has happened: I have made a fresh installation of my application on a clean image of Windows 10 and no longer occurs SYSTEM_SERVICE_EXCEPTION error. I restart it about 10 times and no problem.

I saw that the date on which the VMware was created was 2014/10/27. Maybe it is a very preliminar version and it has bugs ....

Someone knows another option to test Windows 10?

I'm sorry I bothered!

Best regards!
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

Sounds good. I've not received any complaints from any other user yet. So I guess there don't seem to be any major problems, at least none known at the moment.
nomen
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Post by nomen »

Hi Madshi:

Did you finally renew the certificate?
You will create a new version of MadCodeHook you when I get ?

Thanks!
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

Renewing the certificate didn't work, I was too late. So I'll have to get an EV certificate when my current one runs out <sigh>.

Currently there's no urgent need for a new madCodeHook build. The official build works fine with Windows 10.
nomen
Posts: 48
Joined: Wed Jun 25, 2008 7:15 am

Re: Windows 10 support

Post by nomen »

OK, no problem!
Your work is great!
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA
Contact:

Re: Windows 10 support

Post by dcsoft »

Thanks for verifying we need an EV certificate. Through the [wmaudiodev] mailing list, I have heard that you can get a very good price from DigiCert. The trick is to go via the Microsoft link to get the 50% discount ...
https://msdn.microsoft.com/en-us/librar ... 01887.aspx
leads here:
https://www.digicert.com/friends/sysdev/

-- David
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

These are really nice prices - thanks for the heads-up!

If you get all the signing stuff working, maybe you can create a new thread and sum up how it all works? Fortunately I still have some weeks left before my certificate runs out.
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA
Contact:

Re: Windows 10 support

Post by dcsoft »

You're welcome, I'm glad the EV certificate is affordable. :wink:

But I am starting to get a bit worried after reading https://www.osr.com/blog/2015/07/24/que ... r-signing/
Q: I want to create a single driver package that works for Windows 7 through Windows 10. How can I do that? Currently, the sysdev portal only allows you to select Windows 10 Client x86 and Windows 10 Client x64.
James: This is definitely possible, but you need to use the Hardware Compatibility route (that is, you need to pass the HLK tests). By design, the new “attestation” route only supports Windows 10.
So what does it mean, we can't get a single MadCodeHook driver signed that works with Win 7-10? We need to have a separate driver for Win 10 and another one for Win 7-8?


EDIT: In addition:
Peter: How do we sign drivers that are not necessarily traditionally installed with an INF? For example, kernel services (non PnP software only drivers) or certain filter drivers?
James: This is another issue that we’re treating as a bug internally. The Microsoft signing pipelines are inherently reliant on an INF to determine the correct signing behaviors. The best solution I can offer currently is to create a “dummy” INF that the service can use as an anchor to provide the correct signing.

Madshi: would we just put your renameme32.sys and renameme64.sys into a .cab file and add a 'dummy' .inf file? I wonder what goes into the .inf such that "the service can use as an anchor to provide the correct signing."

What kind of driver is this, anyway? It is a kernel mode driver, but what type?

Thanks,
David
madshi
Site Admin
Posts: 10387
Joined: Sun Mar 21, 2004 5:25 pm

Re: Windows 10 support

Post by madshi »

I don't really know that answer to these questions myself. But I've had a madCodeHook user go through this recently and he managed to get it to work somehow. At least that was what I understood from his email. I'll contact him and ask for more information.
Post Reply