Search found 166 matches

by mikec
Thu Dec 17, 2009 3:17 am
Forum: madCodeHook
Topic: winsock hook - tracking socket handles
Replies: 4
Views: 3435

Hey JanDoggen,

I've been away climbing for a while so I haven't been manning my computer or getting much done.

However, I'm trying to catch up now. If you want to drop me an e-mail directly, then we can have a chat and exchange ideas?

e-mail is mike[at]kid-safe[dot]co[dot]uk

Best regards

Mike C
by mikec
Thu Dec 17, 2009 3:10 am
Forum: madCodeHook
Topic: Is handling IPC messages threaded and queued?
Replies: 3
Views: 2123

I'm not 100% sure about what exactly you are describing but I have a service which responds to several IPC channels without issue. Firstly, although Madshi's documentation *suggests* that the IPC callback is threaded, I have spawned a separate thread for each IPC channel. Secondly, it is not a good ...
by mikec
Thu Dec 17, 2009 3:03 am
Forum: madCodeHook
Topic: Can I use SendIPCMessage from the DLLMain initialization?
Replies: 2
Views: 1896

Hey JanDoggen, Are you still having issues with this? If so, can you post your exact SendIPCMessage code? If you're making IPC calls from within DLLMain, you need to make sure you are setting the last parameter of the SendIPCMessage() function to false. Also, as Madshi has pointed out - all documentati...
by mikec
Tue Nov 10, 2009 1:46 am
Forum: madCodeHook
Topic: winsock hook - tracking socket handles
Replies: 4
Views: 3435

Hey nildo, Thanks for the reply. I haven't prototyped it yet because I've been busy with documentation, but I thought I would post here first of all. Are you sure that it needs to be duplicated? I've been reading about WSADuplicateSocket (http://msdn.microsoft.com/en-us/library/ms741565(VS.85).aspx) ...
by mikec
Tue Nov 03, 2009 11:25 pm
Forum: madCodeHook
Topic: winsock hook - tracking socket handles
Replies: 4
Views: 3435

winsock hook - tracking socket handles

Hi all, not really a madCodeHook question but stems from a Winsock hook that I have, so I thought I'd ask the experts. I have a situation where I'm tracking send and receive data through winsock. There is some information that I need from the send() hook and I need to use it in the recv() hook. I th...
by mikec
Mon Aug 03, 2009 11:01 am
Forum: madCodeHook
Topic: trying to hook ntSetInfomationFile, but explorer is crashing
Replies: 9
Views: 8469

I think the question is: what is an integer. Like I said before, the default enum defaults to an integer but some compilers can over-ride this for optimisation. In most code, this will make no difference but when injecting, the prototype has to match identically, the hooked API. Integer is a bit ope...
by mikec
Mon Aug 03, 2009 12:46 am
Forum: madCodeHook
Topic: hooking getaddrinfo - desperate help - please...
Replies: 11
Views: 12086

Hey guys,

I gave up on this a long time ago. I opted to hook the send requests because I can look at the different send requests and filter for GET or POSTS.

I'd be interested to know if anyone gets this working...

Mike C
by mikec
Sat Aug 01, 2009 1:30 pm
Forum: madCodeHook
Topic: Hooking NtCreateKey and NtOpenKey crash explorer
Replies: 6
Views: 7037

Are you injecting system wide? Try injecting into one process at a time. Just because Explorer.exe crashes, doesn't mean that that is the problem. Are you injecting into csrss.exe? If so, don't... Let me know how you get on - you need to break it down and try injecting and hooking one process at a tim...
by mikec
Fri Jul 31, 2009 6:34 pm
Forum: madCodeHook
Topic: Hooking NtCreateKey and NtOpenKey crash explorer
Replies: 6
Views: 7037

Ok... Based on my previous post and the points madshi has made... First, by the looks of things i.e. all your posts, you are hooking far too much. As I have said time and time again, you need to hook as an absolute last resort. You are not doing this - you can keep on going the way you are, but you ...
by mikec
Fri Jul 31, 2009 6:02 pm
Forum: madCodeHook
Topic: trying to hook ntSetInfomationFile, but explorer is crashing
Replies: 9
Views: 8469

All I can really say is that I had the same issue and it was a problem with the enum values. Firstly, you say that your enum is being interpreted as an int - are you sure? Some compilers do code optimisation which can change this to a signed integer or even shorten it. Secondly, although you are assig...
by mikec
Fri Jul 31, 2009 2:30 am
Forum: madCodeHook
Topic: Protect own application from termination...issues
Replies: 9
Views: 5425

VMware do a free version that can be downloaded and used. I've been reading a lot of your posts and have tried to reply to a few of them. However (and don’t take this the wrong way), you seem to be quick to post with issues. Everyone is happy to help and I've had countless amounts of help from the ...
by mikec
Fri Jul 31, 2009 2:10 am
Forum: madCodeHook
Topic: trying to hook ntSetInfomationFile, but explorer is crashing
Replies: 9
Views: 8469

Hey unclepauly... First off, I had the same problem that you’re facing - it turned out to be an issue with the FILE_INFORMATION_CLASS enumeration. If I remember correctly, there was some sort of issue with different data types being used by the compiler to represent the underlying enum. I guess you’...
by mikec
Mon Jul 27, 2009 1:29 am
Forum: madCodeHook
Topic: How to figure out that a file is about to be modified?
Replies: 2
Views: 2242

I'd guess you’re trying to detect when an executable is changed either intentionally or unintentionally. I'd have saved you a lot of work if I’d seen your post earlier but simple - don’t bother. I tried for 2 months solid hooking various native APIs and got nothing concrete. Take madshi's advice or ...
by mikec
Mon Jul 27, 2009 1:23 am
Forum: madCodeHook
Topic: Hook dll and Objects
Replies: 7
Views: 3739

What he means is that if you use or need a function (say FunctionX) and it lives in SysUtils.pas, instead of including SysUtils.pas, simply open up SysUtils.pas, find FunctionX code and copy and paste it into your application's .dpr file. By doing this, you're getting a copy of the required code. This...
by mikec
Mon Jul 27, 2009 12:52 am
Forum: madCodeHook
Topic: Problem with demo "HookProcessTermination" / Vista
Replies: 7
Views: 4582

I haven’t really followed this thread fully - I'm just skimming. How do you know for certain - that the message box is being displayed from the program that you have tried to launch? For example, say you try to launch Notepad.exe. It may be the case that Vista runs a whole host of other stuff before...