madshi.net

If you need doco or detailed information on the Native data types, get the Native Jedi package for delphi. For detailed information on how to use it all, go here: http://www.rawol.com/?topic=41 Its the "Undocumented Windows 2000 Secrets" book in PDF form, released for free by its author......

if you dont care about being able to unhook or anything... you could just overwrite the asm at the address of the function. Just use VirtualProtect to unprotect it, and overwite it with a jmp instuction to your new function... just make sure the parameter lists are the same and the calling conventio...

No problems
Thanks for the sticky

Part 2 - Debugging tips Ok, now you understand the basics of the CPU window, this should be a bit eaiser to explain. CPUs use things called interrupts, they do exactly that, they interrupt the current program flow so the CPU can do somthing else. We dont need to know much at all about this, other t...

Hi all, Over the years of playing with delphi/assembler... etc. I have learnt some very usefull ways to debug code when for some reason or another you can not put a breakpoint in the IDE (eg: self modifying code, injected dll, remote process). Please note though, I am completly self-taught, so this ...

Oh, and if you cant call it from your app, you can do this... In your function, put this after the begin line: asm int 3 end; int 3 is the breakpoint interrupt... if there is a debugger attached, it will step in. Start the application, inject the dll and in the Run menu in delphi, select Attach to p...

Sounds like it is actually cdecl, not stdcall, try that. I have hit the same problem, no errors until somthing modifies the stack (call pushes a return address onto the stack, and its params). It may help to try the following in your own app (not injected). Put a break on the "begin" line ...

madshi wrote:Vista blocks several of the well known IPC methods.

Really??? which ones?

you could use shared memory... or send a message using PostMessage, or you could use named pipes. It depends on what you need to do. Shared Memory is good for transfering a single record, or bulk data every now and then, but isnt good if multiple apps need to write to it at the same time. SendMessag...

I got it working :crazy: //Patches the call table with a jump to the supplied pointer procedure PatchTable(Addr: Pointer); var PatchRec: array[0..11] of Byte; Code : Pointer; Old : LongInt; begin //Get the table address asm push eax mov eax, esp add eax, 13*4 mov eax, dword ptr [eax] sub eax, 12 mov...

Hrmm, just thinking about how to improve performance even more... I could be possible to change the address of the variable "glutInit" to the real address in the dll after the first time it has been called to bypass the error checking. I suppose you could call it dynamic implicit linking. ...

I have been experimenting with a way to dynamically load a DLL and its entrypoints on the fly with error checking instead of implicit linking. I didn't like how if I was to do this, I would have to write 100's of stubs that called LoadLibrary and GetProcAddress... so I came up with this Note: requir...

If its just a standard window, you can just use the "GetWindowText" API with the handle to the window. Option 1: Hooking the API's that actually draw the text I would think is the better way to go, this would give you access to the X/Y coords, and the actual text, so you know where on the ...

Its good to meet someone else out there that isn't out to make cash through any means nessary. I continue to be impressed with your product/service/support and friendlyness. Once you got enough money in to pay a license to madExcept, please do that No problems, I believe in supporting those that sup...

Just an Idea, others may have thought of this already. I have read about bypassing hooks by re-writing the original 6 bytes with the original values again before calling the api. Since the Native calls (ie, NtOpenFile) are just a thunk to the kernel level, if it has been hooked by another applicatio...