madshi.net

Please forget this post. I just 'discover' that my cross certificate size is 0!!!

When I sign the drivers I got: "SignTool Error: An unexpected internal error has occurred." "Error information: "CryptQueryObject" (-2147467259/0x80004005)" This is the first time since 2013 that I encounter it and I don't have had it the past days! This error occurs on...

I disabled all Defender, AVG... but I always got the same result (in the windows command line). It is so weird that I just noticed, in this post, that the file size is 0! I don't have any idea of the reason as I don't modify the madshi distributions after installing them. I reinstalled the last dist...

I tried the batch file both in my account (root user) and in an administrator account with the same results (see attached AccessDenied.png) I also tried to run madConfigDrv.exe directly in the command windows. I checked the madConfigDrv.exe permissions; it has all permission for all the users. I als...

Since I installed the last Windows 10 release I got "Access denied" when I execute "madConfigDrv.exe" in my batch signing file.
Any idea?

I'll try when I'll have some spare time and let you know the results.

The grace period I found on the net is 90 days, but my drivers which load were signed 30/05/2016!
Did you know the 'grace period'?

Yes I agree but: - the madCodeHook drivers version 26/10/2014 load fine in any Windows including Windows 10 with SecureBoot enabled and Driver Signature Enforcement enabled - the madCodeHook drivers version 29/04/2016 don't load in Windows 10 with SecureBoot enabled and Driver Signature Enforcement ...

Yes, my clean machine is a UEFI one with SecureBoot enabled. After I disable it I tested these two configurations: - the current one with PrintMonitor on a network shared directory: the driver is not loaded - a new one with the directory copied on the machine desktop: the driver is loaded If I enabl...

Me too I don't understand and as I always install the last madCodeHook available build, sign my drivers (and applications) with the same batch file and use the same signtool since my first usage of the library, I first suspected the missing of some certificates in clean Windows 10 versus Windows7 up...

Since years I'm able to load my drivers in any version of Windows. The last working build of my drivers, created with 3.1.11 signed with SHA 1 only, the drivers load fine in any version of Windows (Win10 from Win7, Win7, Win 8, fresh Win10, in Virtual machines or computers...). Two new builds using ...

Right. My Acrobat was in protected mode.
When this mode is disabled the injected dll is initialized (called).
This prove that application Protected Mode (Acrobat, Internet Explorer,...) works and blocks 'malware' programs trying to inject them!

Thanks for the functions. I made extended tests (having Acrobat running or not before the injection). I added a window message box as the first code of my injected DllMain. It appears that; - AcroRd32.exe (main process, the Acrobat broker?), 32bit medium integrity: * is injected * displays the messa...

Sorry. The madCodeHook injection works fine. I trace the injected dlls actions in files using the Process Identifier as a part of their names. Sysinternals Process Explorer displays the processes tree with the main processes (with a PID) and eventually the child processes (with different PIDs). I di...

My dll injection works fine for any processes but Acrobat Reader. Acrobat runs two processes with the same name "AcroRd32.exe: - the parent one ("...\AcroRd32.exe") - the child one, the renderer ("...AcroRd32.exe" --channel=1976.1.1033634757 --type=renderer") Only the p...