"Unknown error in injected assembler code" with Run as administrator

Jul 3, 2010 at 10:26 PM
Edited Jul 12, 2010 at 6:04 PM

I have a 32-bit application that uses EasyHook to inject a small 32-bit unmanaged DLL into a 32-bit unmanaged application. It works great for most users most of the time.  However, occasionally the injection fails and the injected application crashes. My application's log files indicate that RhInjectLibrary returns 0xc00000e5, RtlGetLastErrorString returns "Unknown error in injected assembler code", and RtlGetLastError returns 5.

As far as I am able to tell, when this error occurs, none of the code in my DLL gets a chance to run at all, which leads me to suspect the problem may be with EasyHook itself.

Most users do not encounter the problem at all.  Several users have encountered the problem exactly once each.  I had one user who encountered this problem every single time.  

All of the crashes appear to be on 64-bit operating systems, but since the problem is intermittent I can't be certain that it cannot occur on a 32-bit system.  I have observed the problem on both 32-bit and 64-bit systems now.

Has anyone else experienced this issue?  Any advice on tracking down and fixing the problem?

Jul 12, 2010 at 12:03 AM
Edited Jul 12, 2010 at 6:05 PM

I've finally figured out how to reproduce this problem.  It occurs the following situation (and possibly others):

UAC is enabled.  The injecting program has a manifest with requireAdministrator and uiAccess=false.  Then, a non-administrator users starts the injecting program by right clicking on it and choosing "Run as administrator".

If the user starts the program normally (instead of via Run as administrator), everything works fine.

If I put uiAccess=true in the manifest, everything works fine (but this has other undesirable consequences).