madshi.net

Ah ok, I wasn't aware of that delphi specific issue.
I've been using MCH only with C++ so far.

You can have your injected DLL check the name of the process it gets injected into. So if DLLMain determines that it got injected (DLL_PROCESS_ATTACH) into a blacklisted process: simply return "false" and it'll be unloaded.

MessageBoxA calls MessageBoxExW on Win2k and MessageBoxTimeoutW on WinXP

You can check the call chains here.
Example: MessageBoxA on WinXP SP2.

Let me know if you have some ideas/directions how to solve this issue - I must make my add-on compatible with that plug-in. You could try to hook the plugins hooking functions. Then you could simply call the plugins "shared callbacks" from your plugin. Thats a pretty specific solution tho...

The files will only be hidden while your program is running. Once someone terminates it, they'll become visible (assuming all injected DLLs rely on your main program). The other way would be to remove its autostart entry. Only to hide files is a very weak protection. Encrypted folders are way more s...

You might need to buy the "company" or "company source" version for that purpose.

Also, this posting might be of interest to you:
viewtopic.php?t=1151

Create a new thread and use Sleep() to pause it for some time. That way the host app won't block.
Delaying execution using a while loop is called busy waiting and is considered bad.

Being too lazy to write a reply myself:
http://www.sysinternals.com/Forum/forum ... &PN=2#8013

The registers & values on the stack are 32bit on 32bit processors.
So you can safely use DWORDs.

There is a type conversion table here:
http://www.drbob42.com/delphi/headconv.htm

When in doubt, use a DWORD for transparency

Your compiler may use a different calling convention by default.
Try fastcall, cdecl and stdcall as default setting.

Maybe you didn't use the same calling convention as the function you hooked uses.

It seems you've memory mapped a small exe file.
Exe files are usually mapped at 0x400000 or 0x500000.
Addresses in exe files, like the API call in the first line, won't get relocated when you map them to a different location.

The injected DLL could check which application it got injected into (GetModuleName). If it is notepad.exe, your DllMain function can return 0, so it'll automatically get uninjected again.

Yes, mIRC can call functions from DLLs (check the helpfile for /dll).
You could write a small DLL which exports a single function.
When called by mIRC, it'll load the madcodehook DLL and inject into i.e. Calculator.