madshi.net

Hay JanDoggen,

I've been away climbing for a while so i havent been manning my computer or getting much done.

However, I'm trying to catch up now. If you want to drop me an e-mail directly, then we can have a chat and exchange ideas?

e-mail is mike[at]kid-safe[dot]co[dot]uk

Best regards

Mike C

I'm not 100% sure about what exactly you are describing but I have a service which responds to several IPC channels without issue. Firstly, although Madshi's documentation *suggests* that the IPC callback is threaded, I have spawned a separate thread for each IPC channel. Secondly, it is not a good ...

Hay JanDoggen, As you still having issues with this? If so, can you post your exact SendIPCMessage code? If your making IPC calls from within DLLMain, you need to make sure you are setting the last parameter of the SendIPCMessage() function to false. Also, as Madshi has pointed out - all documentati...

Hay nildo, Thanks for the reply. I havent prototyped it yet because i've been busy with documentation, but i thought i would post here first of all. Are you sure that it needs to be duplicated? I've been reading about WSADuplicateSocket (http://msdn.microsoft.com/en-us/library/ms741565(VS.85).aspx) ...

Hi all, not really a madCodeHook question but stems from a Winsock hook that I have, so I thought I'd ask the experts. I have a situation where I'm tracking send and receive data through winsock. There is some information that I need from the send() hook and I need to use it in the recv() hook. I th...

I think the question is: what is an integer. Like I said before, the default enum defaults to an integer but some compilers can over-ride this for optimisation. In most code, this will make no difference but when injecting, the prototype has to match identically, the hooked API. Integer is a bit ope...

Hay guys,

I gave up on this a long time ago. I opted to hook the send requests because i can look at the different send requests and filter for GET or POSTS.

I'd be interested to know if anyone gets this working...

Mike C

are you injecting system wide? try injecting into one process at a time. Just because Explorer.exe crashes, doesnt mean that that is the problem. Are you injecting into csrss.exe? If so, dont... Let me know how you get on - you need to break it down and try injecitng and hooking one process at a tim...

Ok... Based on my previous post and the points madshi has made... First, by the looks of things i.e. all your posts, you are hooking far too much. As I have said time and time again, you need to hook as an absolute last resort. You are not doing this - you can keep on going the way you are, but you ...

All I can really say is that I had the same issue and it was problem with the enum values. Firstly, you say that your enum is being interpreted as an int - are you sure? Some compilers do code optimisation which can change this to a signed integer or even shorten it. Secondly, although you are assig...

vmWare do a free version that can be downloaded and used. I've been reading a lot of your posts and have tried to reply to a few of them.. However (and don’t take this the wrong way), you seem to be quick to post with issues. Everyone is happy to help and I've had countless amounts of help from the ...

Hay unclepauly... First off, I had the same problem that you’re facing - it turned out to be an issue with the FILE_INFORMATION_CLASS enumeration. If I remember correctly, there was some sort of issue with different data types being used by the compiler to represent the underlying enum. I guess you’...

I'd guess you’re trying to detect when an executable is changed either intentionally or un-intentionally. I'd of saved you a lot of work if I’d seen your post earlier but simple - don’t bother. I tried for 2 months solid hooking various native API's and got nothing concrete. Take madshi's advice or ...

What he means is that if you use or need a function (say FunctionX) and it lives in SysUtils.pas, instead of including SysUtils.pas, simpley open up SysUtils.pas, find FunctionX code and copy and paste it into your applications .dpr file. By doing this, your getting a copy of the required code. This...

I haven’t really followed this thread fully - I'm just skimming. How do you know for certain - that the message box is being displayed from the program that you have tried to launch? For example, say you try to launch Notepad.exe. It may be the case that Vista runs a whole host of other stuff before...