madshi.net

I'm using madCodeHook 2.2k and have problems with SendIpcMessage. i send message from exe running under admin account to service running under LocalSystem account. i tested it and sent message every 5 seconds and from 10 messages only one was delivered/received. repeatedly. you announced that this p...

I now tested it under Windows 7 RC1 and everything seems to be ok. So maybe it was some issue in BETA, and Yes in Vista all works fine.

yes it does. no "IsAllowed" dialog is displayed.

I tried to hook all process creation API HookAPI('kernel32.dll', 'CreateProcessW', @CreateProcessWCallback, @CreateProcessWNext); HookAPI('kernel32.dll', 'CreateProcessA', @CreateProcessACallback, @CreateProcessANext); HookAPI('kernel32.dll', 'WinExec', @WinExecCallback, @WinExecNext ); HookAPI('adv...

well, GetModuleFileNameW/A really blocks UAC if it is called from NtTerminateProcess callback. But i succesfully used following function GetModuleFileNameExW(hProcess : THandle; module : HInst; FileName : PWideChar; size : Integer) : Integer; stdcall; external 'psapi.dll' name 'GetModuleFileNameExW'...

To cyberproject: yes i hook NtTerminateProcess and TerminateProcess both in my app. Now my monitor application hooks following APIs with no UAC problems: HookAPI('ntdll.dll','NtTerminateProcess',@NtTerminateProcessCallback,@NtTerminateProcessNext); HookAPI('kernel32.dll','TerminateProcess',@Terminat...

Confirming problem with HookProcessTermination demo. It seems that any interception to process creation with privs elevation causes its aborting. It is probably done by MS to prevent to hack or avoid this procedure.

I hardly spyed how Vista manages process creation when elevation is needed and i found following things that caused my problems with UAC. When user starts any process that needs elevation, this process is immediatelly terminated by system (!) - this is the problem. if you ask any information that de...

i found reason: i used CurrentUser.Name/Domain (IAccount) in hook callback. if i removed it, then problem disappeared. And be sure you do not use no (or minimum) function from Delphi (e.g. from SysUtils etc.) and do not use try...finally..end and try..except..end constructions. they cause problems a...

i'm facing the same problem. but i hook CreateProcessA, CreateProcessW and WinExec. in other dll i hook print routines (the same as in print monitor demo by madshi) and everything does work. strange. found no solution yet. just for info: i tried SAFE_HOOKING with no luck and i do NOT use SYSTEM_PROC...

Is any chance to use RemoteExecute with System (PID=4) process? I tried it but RemoteExecute returns false and code is not executed.

well that's it. And try..finally...end caused crash too. Thanx Nico.

i'm trying to copy any file in context of another process, but affected process crashes on remote execute. Here's code: program RemoteTest; uses Windows, SysUtils, madRemote, madKernel; type PParameters = ^TParameters; TParameters = record Source, Dest: array[0..MAX_PATH] of char; end; function Exec...

hm so i maybe found problem. i use Process(processInfo.hProcess).Session to get session under process is run. if i remove it, everything is ok. But still asking for name and domain by calling KernelObjectSecurity(processInfo.hProcess).Owner.Name and KernelObjectSecurity(processInfo.hProcess).Owner.D...

If you want source of my dll contact me on mitec@atlas.cz, it is possible.