Comments (14)

Ceiridge commented on May 19, 2024

It used to patch the chrome.dll file in the installation directory, but because of Widevine restrictions (used by Netflix for instance), it is now actually a DLL injector. A DLL that patches the chrome.dll during runtime is now injected.
Thus, the injector remains installed when there is a new update, but sometimes the patterns become outdated, so that the injector has to be reinstalled.

from chrome-developer-mode-extension-warning-patcher.

M4jx commented on May 19, 2024

Thanks for the fast response. Now I understand how it's supposed to work.
Great work. Keep it up 👍

M4jx commented on May 19, 2024

I've read a little bit about Widevine and I am a little bit curious about its restrictions that had an impact on the program's previous patching method (permanent patching).
So does permanently patching the DLL now make the browser crash or is it just ineffective?

Ceiridge commented on May 19, 2024

Widevine apparently detects that the digital signature or hash of the dll file is incorrect, because something has changed. This results in the browser not being able to play Widevine protected videos.

M4jx commented on May 19, 2024

I'm trying to make another workaround which consists of modifying the process memory and patching the bytes so it doesn't require dll injection.

The approach is like this

For each browser process :

  1. OpenProcess()
  2. Find the module
  3. Search for sig pattern and get its address
  4. ChangeProtection() to ExecuteReadWrite
  5. WriteProcessMemory() (patch original value from 0x04 to 0xFF)
  6. ChangeProtection() to old protection

However, doing a byte comparison before/after patching shows that processes seem to be reverting back to original values for some reason. And some of the processes stop changing back after the "Disable developer mode extension" dialog appears.
Do you have any idea about this issue? Or why it's not working?

Ceiridge commented on May 19, 2024

You're probably doing something wrong. The code in memory should be read-only protected and it doesn't just change it back to its old values.
Also, modifying it externally is probably even slower or isn't it?

M4jx commented on May 19, 2024

I'm using Memory.dll project (mostly used for game cheats) to modify process memory values.
Yes, the memory is read-only protected but the protection can be changed to read-write-execute, thus making it possible to alter the values and patch them.
Well, I didn't benchmark it yet, but I think patching bytes in memory is easier than working with DLLs and injectors (less code to care about).
The reverting back issue is now fixed (seems like it was caused by FreezeValue() method in Memory.dll). Now using WriteProcessMemory() directly.

The logs show the following:

Each found process :
[+] Found Process 9284
[+] Module Address (msedge.dll) : 0x7FFFC2D50000
[+] Pattern address 0x7FFFC9AB6F00
[+] BEFORE : 56 48 83 EC 20 48 89 D6 48 89 D1 E8 D0 21 4F F9 83 F8 (4) 74
[+] AFTER : 56 48 83 EC 20 48 89 D6 48 89 D1 E8 D0 21 4F F9 83 F8 (FF) 74

Hitting the process again (after patching) shows :
[+] Found Process 9284
[+] Module Address (msedge.dll) : 0x7FFFC2D50000
[+] Pattern address 0x7FFFC9AB6F00
[+] Pattern already edited
56 48 83 EC 20 48 89 D6 48 89 D1 E8 D0 21 4F F9 83 F8 (FF) 74

The above logs clearly show that the patch has been applied by changing the 0x04 to 0xFF. However, the dialog still appears for some reason! Do you have any idea why that is happening?

from chrome-developer-mode-extension-warning-patcher.
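
A defender-side view of the log above, as an added example that is not part of the thread or of the patcher project: a runtime patch leaves the file on disk (and its hash or signature) untouched, so catching it means comparing the code mapped in the process against the on-disk copy. The code treats the BEFORE dump as the on-disk bytes and assumes the logged pattern address is the address of the first dumped byte; the function names are illustrative.

```python
import hashlib
import re

# Log lines copied from the comment above; the logger brackets the patched byte.
LOG_BEFORE = "[+] BEFORE : 56 48 83 EC 20 48 89 D6 48 89 D1 E8 D0 21 4F F9 83 F8 (4) 74"
LOG_AFTER = "[+] AFTER : 56 48 83 EC 20 48 89 D6 48 89 D1 E8 D0 21 4F F9 83 F8 (FF) 74"
# Assumption: the logged "Pattern address" is the address of the first dumped byte.
PATTERN_ADDRESS = 0x7FFFC9AB6F00


def parse_dump(line):
    """Turn a '[+] LABEL : 56 48 (4) 74' log line into raw bytes."""
    hex_part = line.split(":", 1)[1]
    return bytes(int(tok, 16) for tok in re.findall(r"[0-9A-Fa-f]{1,2}", hex_part))


def modified_ranges(baseline, snapshot, base_address=0):
    """Return (address, baseline_bytes, snapshot_bytes) per run of differing bytes."""
    if len(baseline) != len(snapshot):
        raise ValueError("regions must have the same length")
    ranges, start = [], None
    for i in range(len(baseline) + 1):
        differs = i < len(baseline) and baseline[i] != snapshot[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            ranges.append((base_address + start, baseline[start:i], snapshot[start:i]))
            start = None
    return ranges


def check_region(disk_bytes, memory_bytes, base_address):
    """Compare code as shipped on disk with the same region mapped in a process."""
    return {
        "disk_sha256": hashlib.sha256(disk_bytes).hexdigest(),
        "memory_sha256": hashlib.sha256(memory_bytes).hexdigest(),
        "modified": modified_ranges(disk_bytes, memory_bytes, base_address),
    }


if __name__ == "__main__":
    report = check_region(parse_dump(LOG_BEFORE), parse_dump(LOG_AFTER), PATTERN_ADDRESS)
    print("hash mismatch:", report["disk_sha256"] != report["memory_sha256"])
    for address, old, new in report["modified"]:
        print(f"{address:#x}: {old.hex()} -> {new.hex()}")
```

On a real module, apply base relocations to the on-disk image (or compare only relocation-free ranges) before diffing, otherwise legitimately rebased addresses show up as changes.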

Ceiridge commented on May 19, 2024

I think you might like https://github.com/DarthTon/Blackbone
Are you patching it fast enough? It needs to be patched before the function is executed, of course. Debug it and set a breakpoint to test this.

M4jx commented on May 19, 2024

Oh, I didn't know that the patch has to be applied before the function is executed.
Right now I'm listening for process spawns using TraceEventSession, suspending the browser processes' threads when one is detected, patching it, then resuming the threads. But it seems like it doesn't get suspended fast enough because the dialog still appears. At least now I know that the issue is not patching fast enough.
I tried to patch the DLL file directly (msedge.dll), started the browser, dumped the process memory and made sure the DLL is loaded patched and it was (the bytes were loaded patched), but the dialog didn't disappear.
Do you have any idea about this issue?

Ceiridge commented on May 19, 2024

No, try debugging it as I have suggested. Also, my patcher doesn't seem to be working anymore for Edge, which I haven't noticed until now (looks like it's not because of invalid patterns). I'm fixing it now, maybe then you can figure it out

M4jx commented on May 19, 2024

I'm losing my mind. I loaded an external (non webstore) extension with --load-extension flag in Google Chrome, Brave and Opera and no warning dialog appeared at all!
I suspected that something is wrong with my browsers so I started a clean Windows 10 VM then installed Chrome, Brave and Opera and the same happened. No dialog was shown at all! Which is very very weird!

Can you confirm this behavior with the latest browser versions?

  • Chrome version 87.0.4280.88 (Official Build) (64-bit)
  • Opera version 73.0.3856.284 (Official Build) (64-bit)
  • Brave 1.18.77 Chromium: 87.0.4280.101 (Official Build) (64-bit)

Ceiridge commented on May 19, 2024

No, I'm not customer support for your projects, but I load external extensions with developer mode in chrome://extensions and there you can add an unpacked extension.

M4jx commented on May 19, 2024

Well, sorry about the amount of questions I asked if they bothered you, I know, some of them are not related to the issue itself.
I'm just trying to understand the patching process and why it's done like this since I have no experience with Chromium or how it works and why the current patching process makes it possible to disable/enable features.
Reading the code wasn't enough to understand the concept (since no information about the patching process is documented), that's why I asked for some clarifications.
However, the last question I asked impacts your project if the statement is true because these browsers used to show a warning dialog and now they don't, thus making the feature to disable the dialog in your program for the mentioned browsers useless. That's why I added a comment about it.
The issue will be marked as closed as no further clarifications are needed.

Thanks for the clarifications and happy new year 🌟.

Ceiridge commented on May 19, 2024

Thanks!
You can post code of what you are trying to do and maybe I will look at it, if you want to.
