madshi.net

thanks, took some thing out of the thread: - Buying a 50% disc. EV cert - Testing secureboot on a VM using Hyper-V I have a crazy idea to avoid all this horrible thing, that many of us may not be willing to do: - The driver is always the same for everyone, so you could do this Microsoft thing once f...

I think they refer to our the certificate, not the cross-signing certificate. As seen here: A cross-signed driver using a SHA-1 certificate issued prior to July 29th, 2015 will work on all platforms starting with Windows Vista through Windows 10. A cross-signed driver using a SHA-1 or SHA-256 certif...

I was about to send you that link.. the news on madCHook 4 are good. The bad thing is: - Will Microsoft aprove a generic driver that injects code?? Any success case? - EV certs are VERY expensive!! there is something I don't understand on this exception: "Drivers signed with cross-signing certi...

I 've been reading about the new requirements for kernel drivers on windows 10: - all new Windows 10 kernel mode drivers must be submitted to and digitally signed by the Windows Hardware Developer Center Dashboard portal. Windows 10 will not load new kernel mode drivers which are not signed by the p...

I think the best is to have a debugging sys and a production sys. On the last one I will only add released versions of dlls.
We send updates quite often, this way our software will work on partial updates (freezed C drive, where sys file is)
Thanks!

hello, I need to know what happens when the 40 allowed hashes are on my sys file and I try to add one. the oldest is removed? the add fails with visible error?
thanks

Edata: Thank you! I will try that.

Madshi: I will get 32 bit hooks on a 64 bit OS just using madcHook 3.0?

Because in my tests, the current version hooks 32bit running processes but not new ones.

than you very much.

I read that Embarcadero is not planning a 64 bit delphi till mid-2010...
I don´t know a thing about C++, if I want to give 64-bit support I would have to rewrite from scratch my dll and caller code in c++?
Is there any other choice to make it easier?

thank you very much

You have to be very carefull with the uses on the injection dll, remember it will run on any process, in this case many system non-window.
I remember Madshi didn't recomend even using SysUtils (I don´t know if he thinks tha same these days)
bye

Ok, I am testing your app on Windows Vista I have experience using GDI apis, this is all new for me, I see you hook spoolsv.exe, MADSHI: Wasn´t it unsafe to hook this service? I thought it was excluded by default. printing on I explorer, Firefox and notepad: - In the messagebox I always get JobId=0 ...

Ok, great job!
I didn't tried that because my soft is on every pc, so I detect jobs on the client, but that could be good to avoid unauthorized jobs from laptops.
Share it and lets see what can be done!

what you got is a way to detect jobs created by client pcs, hooking apis on the server? I am interested in that case. I thought these was managed by spoolsv.exe which causes problems with madchook and was excluded by madshi. If what you are doing is detect jobs created on the server, I never had pro...

Thanks a lot, I think that I will never understand delphi strings... I used madshi's utilities ti construct the full path, I use delphi 2007: var RutaDriver : array [0..255] of widechar; SystemDir : array [0..MAX_PATH-1] of char; begin; GetSystemDirectory(SystemDir, MAX_PATH); ansitowide(SystemDir,r...

hello, I was doing tests with the kernel driver, and I uninstalled it, from device manager.
Finálly it is working again (don`t know how) but the driver doesn't appear in the "not UPNP" any more, do you know why?

Hi, it was my mistake, I mean the line a posted was right but it is no use if you set a bad path driver before and you do not reboot. So madchook was ok. Thing is a want to do : driverpath :=pwidechar(getsystemdir + '\drivers\' + drivername); but it is giving garbage I think because of bad casting o...