Search found 1068 matches
- Fri Apr 26, 2024 6:39 pm
- Forum: madCodeHook
- Topic: HookAllAPI /Import Table Patching ?
- Replies: 7
- Views: 68
Re: HookAllAPI /Import Table Patching ?
The reason API Monitor is able to build a call tree is that over 13,000 API definitions are available to it and each function is internally hooked one-by-one, the same as you would achieve with madCodeHook, Detours, mHook, Easy Hook and others. You can't avoid this since each functi...
- Fri Apr 26, 2024 11:57 am
- Forum: madCodeHook
- Topic: HookAllAPI /Import Table Patching ?
- Replies: 7
- Views: 68
Re: HookAllAPI /Import Table Patching ?
Please explain more about what you mean here:
"Would you know some tool/framework that would allow to hook *all the methods* all at once"
If you mean a HookAllAPIs() call in code, no. If you want a tool that has predefined function prototypes that captures thousands of Win32 API then try API Monitor ...
- Thu Apr 25, 2024 7:17 pm
- Forum: madCodeHook
- Topic: HookAllAPI /Import Table Patching ?
- Replies: 7
- Views: 68
Re: HookAllAPI /Import Table Patching ?
"1. According to the documentation, function HookAPI (module, api: PAnsiChar;...) expects an API name. So for each API that must be hooked, an individual call to HookAPI must occur. -> This solution is not suitable for me."
HookCode() does not need a module name or API function name at all, it uses an un...
- Wed Mar 20, 2024 10:47 pm
- Forum: madExcept
- Topic: madExcept Window too small on High-DPI
- Replies: 7
- Views: 381
Re: madExcept Window too small on High-DPI
Here's a Microsoft sample project with full code in case anyone wants to test all DPI Awareness parameters, this way you can see how the system treats each one of them visually. You can then change stdac(THandle(N)) to whatever value you prefer, if needed. https://github.com/microsoft/Windows-classi...
- Sat Feb 24, 2024 1:23 am
- Forum: madExcept
- Topic: Application crashes when generating leak reports
- Replies: 20
- Views: 25541
Re: Application crashes when generating leak reports
"I do call GetWindowText(), though, which apparently calls SendMessage"
Sure does :D It's a super thin wrapper around SendMessage(hWnd, WM_GETTEXT...); You can call InternalGetWindowText() instead (if you need it), there is no message passing at all. Instead, a direct syscall is made to the Win32k dr...
- Sat Jan 27, 2024 11:12 pm
- Forum: madCodeHook
- Topic: help! Do not injection (RESOLVED)
- Replies: 16
- Views: 2954
Re: help! Do not injection
@kuaaan,
Please let us know if your issue is resolved so we can close this thread, thanks!
--Iconic
- Wed Jan 24, 2024 9:34 am
- Forum: madCodeHook
- Topic: help! Do not injection (RESOLVED)
- Replies: 16
- Views: 2954
Re: help! Do not injection
  if drvCfg.Magic2[1] = $12345678 then
    maxKeySize := 260
  else if drvCfg.Magic2[1] = $12345679 then // unavail on OLD builds
    maxKeySize := 516;
That's what caused the issue in my tests during x-comparison (older to latest)
--Iconic
- Wed Jan 24, 2024 9:07 am
- Forum: madCodeHook
- Topic: help! Do not injection (RESOLVED)
- Replies: 16
- Views: 2954
Re: help! Do not injection
Hello, Ran a quick test myself with your exact binaries and the latest madConfigDrv tool worked fine here, no warnings/errors (hash of the driver changed accordingly, too) - Your "older" binary version of madConfigDrv.exe failed with the same error you are experiencing on my end. It all co...
- Tue Jan 23, 2024 11:19 pm
- Forum: madCodeHook
- Topic: help! Do not injection (RESOLVED)
- Replies: 16
- Views: 2954
Re: help! Do not injection
I've personally never encountered this problem with any version of madConfigDrv tool, however I use the "old" and proven way without the -cert parameter. Like Madshi said previously, it's much less flexible in case of changes to a binary, however (as Madshi noted) Lastly, does this only ha...
- Tue Jan 02, 2024 4:05 am
- Forum: fun talk
- Topic: Happy New Year!
- Replies: 21
- Views: 142897
Re: Happy New Year!
Happy New Year and best wishes for 2024 to everyone on the forum!
--Iconic
- Wed Nov 29, 2023 8:17 pm
- Forum: madCodeHook
- Topic: [question] error code 31..
- Replies: 3
- Views: 34220
Re: [question] error code 31..
@jgh0721 Thanks for letting us know what your resolution was, it helps others on the forum too. As far as Windows OS is concerned... some Win32 API will normalize separators such as a / instead of a \ but other APIs may not (especially some native API). Sanitization and normalization is expected to ...
- Sun Oct 22, 2023 2:38 pm
- Forum: madExcept
- Topic: MadExcept not integrating into applications
- Replies: 6
- Views: 14511
Re: MadExcept not integrating into applications
Does the same thing happen after a clean uninstall and reinstall?
--Iconic
- Wed Sep 27, 2023 1:10 am
- Forum: madExcept
- Topic: What Delphi versions are supported?
- Replies: 3
- Views: 8802
Re: What Delphi versions are supported?
Delphi 7 was added to madExcept at the end of 2002 (not long after D7 was released), it works fine for Delphi 7 last I checked. Delphi 7 is also only 32-bit so eventually you may want to upgrade your IDE/Compiler. As far as your error and file access, ensure that the file actually exists before acce...
- Fri Aug 25, 2023 12:11 am
- Forum: madExcept
- Topic: Hiding a leak
- Replies: 3
- Views: 9418
Re: Hiding a leak
Hello,
The information is available for you to parse yourself after it's POSTed, after the info is collected. So yes, you'd need to do such a specific task of (parsing out the information) afterwards to alter the report info.
--Iconic
- Fri Aug 18, 2023 6:30 pm
- Forum: madCodeHook
- Topic: code not interceptable
- Replies: 4
- Views: 39253
Re: code not interceptable
I've answered a similar question here a few years ago involving the same returned error code and it was also involving interface hooking. I recommended the OP replace the virtual method address directly in the vTable/VMT and it worked fine for him. Please see http://forum.madshi.net/viewtopic.php?f=...