Search found 46 matches
- Thu Feb 15, 2007 3:01 am
- Forum: madCodeHook
- Topic: FileName under NtCreateFile Hook?
- Replies: 5
- Views: 6874
- Wed Feb 14, 2007 4:12 am
- Forum: madCodeHook
- Topic: How to replace my own function? [Delphi]
- Replies: 7
- Views: 6731
if you dont care about being able to unhook or anything... you could just overwrite the asm at the address of the function. Just use VirtualProtect to unprotect it, and overwite it with a jmp instuction to your new function... just make sure the parameter lists are the same and the calling conventio...
- Wed Feb 14, 2007 3:02 am
- Forum: madCodeHook
- Topic: Advanced Debugging Tips
- Replies: 5
- Views: 32982
- Wed Feb 07, 2007 2:54 am
- Forum: madCodeHook
- Topic: Advanced Debugging Tips
- Replies: 5
- Views: 32982
Part 2 - Debugging tips Ok, now you understand the basics of the CPU window, this should be a bit eaiser to explain. CPUs use things called interrupts, they do exactly that, they interrupt the current program flow so the CPU can do somthing else. We dont need to know much at all about this, other t...
- Wed Feb 07, 2007 2:53 am
- Forum: madCodeHook
- Topic: Advanced Debugging Tips
- Replies: 5
- Views: 32982
Advanced Debugging Tips
Hi all, Over the years of playing with delphi/assembler... etc. I have learnt some very usefull ways to debug code when for some reason or another you can not put a breakpoint in the IDE (eg: self modifying code, injected dll, remote process). Please note though, I am completly self-taught, so this ...
- Wed Feb 07, 2007 1:58 am
- Forum: madCodeHook
- Topic: Howto hook a "normal" MSVC++ 6 function with Delph
- Replies: 2
- Views: 3199
Oh, and if you cant call it from your app, you can do this... In your function, put this after the begin line: asm int 3 end; int 3 is the breakpoint interrupt... if there is a debugger attached, it will step in. Start the application, inject the dll and in the Run menu in delphi, select Attach to p...
- Wed Feb 07, 2007 1:55 am
- Forum: madCodeHook
- Topic: Howto hook a "normal" MSVC++ 6 function with Delph
- Replies: 2
- Views: 3199
- Wed Feb 07, 2007 1:39 am
- Forum: madCodeHook
- Topic: hook on access file
- Replies: 11
- Views: 8635
- Mon Feb 05, 2007 11:35 pm
- Forum: madCodeHook
- Topic: hook on access file
- Replies: 11
- Views: 8635
you could use shared memory... or send a message using PostMessage, or you could use named pipes. It depends on what you need to do. Shared Memory is good for transfering a single record, or bulk data every now and then, but isnt good if multiple apps need to write to it at the same time. SendMessag...
- Thu Feb 01, 2007 6:11 am
- Forum: fun talk
- Topic: Dynamic Dll Loading
- Replies: 3
- Views: 16835
I got it working :crazy: //Patches the call table with a jump to the supplied pointer procedure PatchTable(Addr: Pointer); var PatchRec: array[0..11] of Byte; Code : Pointer; Old : LongInt; begin //Get the table address asm push eax mov eax, esp add eax, 13*4 mov eax, dword ptr [eax] sub eax, 12 mov...
- Thu Feb 01, 2007 5:09 am
- Forum: fun talk
- Topic: Dynamic Dll Loading
- Replies: 3
- Views: 16835
- Thu Feb 01, 2007 4:42 am
- Forum: fun talk
- Topic: Dynamic Dll Loading
- Replies: 3
- Views: 16835
Dynamic Dll Loading
I have been experimenting with a way to dynamically load a DLL and its entrypoints on the fly with error checking instead of implicit linking. I didn't like how if I was to do this, I would have to write 100's of stubs that called LoadLibrary and GetProcAddress... so I came up with this Note: requir...
- Tue Jan 30, 2007 6:00 am
- Forum: madCodeHook
- Topic: Screen reader
- Replies: 5
- Views: 6130
- Tue Jan 30, 2007 5:46 am
- Forum: madExcept
- Topic: Commercial use of madExcept
- Replies: 2
- Views: 4045
Its good to meet someone else out there that isn't out to make cash through any means nessary. I continue to be impressed with your product/service/support and friendlyness. Once you got enough money in to pay a license to madExcept, please do that No problems, I believe in supporting those that sup...
- Mon Jan 29, 2007 12:14 am
- Forum: madCodeHook
- Topic: Bypassing native user mode API hooks
- Replies: 4
- Views: 5727
Bypassing native user mode API hooks
Just an Idea, others may have thought of this already. I have read about bypassing hooks by re-writing the original 6 bytes with the original values again before calling the api. Since the Native calls (ie, NtOpenFile) are just a thunk to the kernel level, if it has been hooked by another applicatio...