Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DetourCreateProcessWithDll(),DetourCreateProcessWithDlls(),DetourCreateProcessWithDllEx() bug or something else. #333

Open
wineggdrop opened this issue Jan 11, 2025 · 0 comments
Labels

Comments

@wineggdrop
Copy link

wineggdrop commented Jan 11, 2025

Test Environment: Windows 10 Enterprise LTSC 2015,Windows 10 Enterprise LTSC 20121 and Windows Server 2019
detour Vertion : Latest
UAC: Enable
Logon : Administrators group user(Not RID 500 account)
Test : Using DetourCreateProcessWithDll() ,DetourCreateProcessWithDlls() or DetourCreateProcessWithDllEx() to create a console loader program(just like the sample of withdll.exe) to run notepad.exe and inject my test dll into notepad.exe.

  1. Right click on cmd.exe and select 'Run As Administrator",Click "Yes" on consent windows.
    Result(Success): loader's output suggests DetourCreateProcessWithDll success and test dll is loaded into notepad.exe(check by process hacker and tasklist)

  2. Run task manager either by select 'Run As Administrator" or by right click on taskbar and run task manager)
    Run cmd.exe under task manager by "Run New Task" and check "Create this task with administrative privileges"
    Result(Failure): loader's output suggest DetourCreateProcessWithDll success but test dll won't load into notepad.exe(check by process hacker and tasklist)

3.Run task manager either by select 'Run As Administrator" or by right click on taskbar and run task manager)
Run cmd.exe under task manager And un-check "Create this task with administrative privileges"
Result(Success): loader's output suggest DetourCreateProcessWithDll success and test dll is loaded into notepad.exe(check by process hacker and tasklist)

I have no idea why Test 2 fails. cmd.exe privileges in Test 2 is idential as Test 1(compares with whoami.exe and process hacker),even Test 3 in non elevated privilege,it succeed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant