Search found 254 matches
- Tue Sep 02, 2008 5:50 am
- Forum: madCodeHook
- Topic: protect my hooks from being unhooked
- Replies: 31
- Views: 27217
Maybe (to solve recursive problems) madshi is calling your VirtualProtectNext function, which is used to call the original API. This is not bypassed. You also need to protect the VirtualProtect Hook inside the VirtualProtectCallback function. Also be sure you set PAGE_EXECUTE_READ, so that madshi MU...
- Mon Sep 01, 2008 7:08 pm
- Forum: madCodeHook
- Topic: protect my hooks from being unhooked
- Replies: 31
- Views: 27217
type TProtectedAddress = packed record Addr: Pointer; Size: Integer; end; ProtectedAddresses: array of TProtectedAddress; procedure AddWriteProtection(Addr: Pointer; Size: Integer); begin if VirtualProtectNext(Addr, Size, PAGE_EXECUTE_READ, old) then begin SetLength(ProtectedAddresses, Length(Prote...
- Mon Sep 01, 2008 5:51 pm
- Forum: madCodeHook
- Topic: protect my hooks from being unhooked
- Replies: 31
- Views: 27217
Page = 4096 Bytes = $1000 Bytes if you want to check if someone wants to change the protection of your hook do that: Virtualprotect(...,addr: pointer, size: integer...); pagestart := Integer(addr) and $FFFFF000 pagesize := (Integer(addr) and $FFF + size) if pagesize mod $1000 <> 0 then pagesize := p...
- Thu Aug 16, 2007 5:25 pm
- Forum: madKernel
- Topic: Hooking ntgdibitblt
- Replies: 2
- Views: 11936
- Thu Aug 16, 2007 5:03 pm
- Forum: madCodeHook
- Topic: delay-loaded DLL hooking
- Replies: 4
- Views: 4735
- Thu Aug 16, 2007 3:08 pm
- Forum: madCodeHook
- Topic: delay-loaded DLL hooking
- Replies: 4
- Views: 4735
Re: delay-loaded DLL hooking
Thats wrong, you cna hook kernel32.GetProcAddress // ntdll.LdrGetProcedureAddress and kernel32.LoadLibraryW // ntdll.LdrLoadDll everytime. Even if the program doesnt import it.fornax wrote: Unfortunately, the application I want to hook does not import GetProcAddress (so I cannot hook it)
- Sat Jun 30, 2007 4:40 pm
- Forum: madCodeHook
- Topic: hooking gdi
- Replies: 12
- Views: 10668
- Thu Jun 07, 2007 9:05 pm
- Forum: madCodeHook
- Topic: ProcessHandleToId and ThreadHandleToId
- Replies: 2
- Views: 4145
function GetObsfucator: DWord; stdcall; asm CALL GetCurrentProcessID XOR EAX, DWORD PTR FS:[30h] end; function GetPDB: Pointer; stdcall; asm MOV EAX, DWORD PTR FS:[30h] end; function GetProcessID9X(dwProcessHandle: DWord): DWord; stdcall; var dwObs: DWord; pHT : PHandleTable9x; pPDB : pPDB98; begin...
- Thu Jun 07, 2007 9:01 pm
- Forum: madCodeHook
- Topic: Length Winsock wrong
- Replies: 4
- Views: 5029
I think the problem is the following: Doing IPC is very slow (20msec or more) If the program gets data very fast, winsock is storing the data in a queue. So maye the recvf data isnt only one receive, it can be more parts which are stored in that one big buffer. Dont do anything which slowes down the...
- Thu Jun 07, 2007 1:58 pm
- Forum: madCodeHook
- Topic: commercial antivirus/malware programs
- Replies: 20
- Views: 23762
- Tue Jun 05, 2007 8:49 am
- Forum: madCodeHook
- Topic: Length Winsock wrong
- Replies: 4
- Views: 5029
It should be correct, but is really slow, maybe you can use this: function ConvertDataToHex(Buffer: pointer; Length: Word): string; const hex: array[0..$F] of char = ('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); var i: integer; begin SetLength(Result,Length*2); for i := 0 to Len...
- Fri Jun 01, 2007 11:29 am
- Forum: madCodeHook
- Topic: [ringo] Generic Speed
- Replies: 11
- Views: 9315
- Wed May 23, 2007 5:50 pm
- Forum: madCodeHook
- Topic: AntiPorn Issue
- Replies: 11
- Views: 8796
- Tue May 08, 2007 12:44 pm
- Forum: madCodeHook
- Topic: looking for an alternative for madhook
- Replies: 20
- Views: 17128
1) no havent done that, hook CreateProcessEx and load it inside 2) dunno havent Vista Its more an open source Version, if someone needs it he can recode parts of it and use it as he needs it. There is not much support from my side. If i have time i can maybe add something if its needed, but most tim...
- Sat May 05, 2007 8:13 pm
- Forum: madCodeHook
- Topic: Punkbuster issue
- Replies: 7
- Views: 5822