wbenny / injdrv

proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
MIT License

Issue after hooking MicrosoftEdgeCP.exe #6

Open sarathy365 opened 5 years ago

sarathy365 commented 5 years ago

Running InjDrv successfully hooks all processes once it's loaded.

But after injection into MicrosoftEdgeCP.exe the Edge browser stalls, and errors are thrown in the event logs. [After loading the driver, close all Edge browser windows and open a new Edge browser window.]

My scenario: I want to know all the processes that are opened and want to elegate/delegate some process specifically. InjDrv satisfies the need and it works perfectly, except it stalls the Microsoft Edge browser. I have tried modifying forceUserAPC but it's still not working.

Kindly show the way to overcome it.

wbenny commented 5 years ago

Hi, unfortunately, I couldn't reproduce your issue. Could you provide more details? Crash dump, your source code changes, PDBs...

Also, could you please verify if the problem persists with the current master branch? I've pushed a fix that resolved #7 and maybe it resolved this issue as well.

sarathy365 commented 5 years ago

InjDrv.zip

Tried again with the latest source. Issue persists. Attached the event logs and crash dumps.

Test machine details: Microsoft Windows Version 1703 (OS Build 15063.1387), Microsoft Edge 40.15063.674.0

wbenny commented 5 years ago

Sorry for the delayed answer. The reason is that Edge uses ProcessDynamicCodePolicy, which prevents injdrv from allocating new executable memory. This is a known limitation. I should probably extend this section to make it explicit: https://github.com/wbenny/injdrv#protected-processes
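Before blaming the driver, it is worth confirming from user mode which Edge processes actually enforce the dynamic code policy the comment above describes. The following PowerShell is an added example, not code from the injdrv project: it lists the running Edge-related processes named in this issue and reports the live `BlockDynamicCode` setting for each, using the `Get-ProcessMitigation` cmdlet from the built-in ProcessMitigations module (Windows 10 1709 and later). The function name and the choice of image names are mine; the property path `DynamicCode.BlockDynamicCode` is what the cmdlet's output exposes on the versions I have seen, and querying another user's process may require an elevated shell.

```powershell
# Added example (not part of the injdrv project): report whether running
# Edge processes enforce the dynamic code policy (ProcessDynamicCodePolicy),
# which refuses new executable memory in the target and so makes an
# APC-based injector that allocates an executable stub fail.
# Assumes the ProcessMitigations module (Windows 10 1709+) and PowerShell 5.1+.
#Requires -Modules ProcessMitigations

function Get-EdgeDynamicCodePolicy {
    [CmdletBinding()]
    param(
        # Image names to inspect; these three are the ones named in this issue.
        [string[]] $ImageName = @('MicrosoftEdge', 'MicrosoftEdgeCP', 'browser_broker')
    )

    foreach ($proc in Get-Process -Name $ImageName -ErrorAction SilentlyContinue) {
        try {
            # -Id queries the live process, not the registry configuration,
            # so this reflects what the kernel is enforcing right now.
            $m = Get-ProcessMitigation -Id $proc.Id -ErrorAction Stop
        } catch {
            Write-Warning "PID $($proc.Id) ($($proc.ProcessName)): $($_.Exception.Message)"
            continue
        }

        [pscustomobject]@{
            ProcessName          = $proc.ProcessName
            ProcessId            = $proc.Id
            # ON means executable allocations/protection changes are refused
            # for this process; NOTSET/OFF means an injected stub could be mapped.
            BlockDynamicCode     = $m.DynamicCode.BlockDynamicCode
            AllowThreadsToOptOut = $m.DynamicCode.AllowThreadsToOptOut
        }
    }
}

# Run from an elevated prompt after opening an Edge window.
Get-EdgeDynamicCodePolicy | Format-Table -AutoSize
```

Processes that report `BlockDynamicCode : ON` are the ones where any injector that needs fresh executable pages will fail the way this issue describes; the same cmdlet with `-Name` shows the configured (rather than live) policy for an image, which is useful when deciding which processes a monitoring driver should simply skip.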

iradization commented 5 years ago

Hi,

I'm using a similar injection technique and have also encountered the same exception code 0xc0000409 (Security check failure or stack buffer overrun).

The affected processes were all related to Microsoft Edge (specifically browser_broker.exe, MicrosoftEdgeCP.exe and MicrosoftEdge.exe).

@wbenny, perhaps you can confirm that all those should be identified using the PsIsProtectedProcess method?

Perhaps there's a way to check if a process is protected from the PEB or something from WinDbg?

And one last insight: it looks like the problem occurs in Microsoft Edge version 44.18362.1.0 from 2019 but not in version 42.17134.1.0 from 2018... Do you know if there was any change of behaviour between those 2 versions?

Thanks!