madshi.net

I try to change a registry key's DACL,but there is an error in //********* line,could you tell me why and what can i do? My code: var dwRet:dword; SamName:LPSTR; pSD:PSECURITY_DESCRIPTOR; pOldDacl,pNewDacl:PACL; ea:EXPLICIT_ACCESS_A ; Keys:HKEY ; reg:tregistry; str:tstringlist; begin keys:=0; getmem...

I have recompiled the demo,and now,it can run and install,but i found it never inject "HookTerminateAPIs.dll" to any processes,why???

The demo "InjectService" use "InjectLibrarySession" to inject HookTerminateAPIs.dll,but i found it can't run .also I can terminate process from taskmgr,Why?

So,use The toolhelp functions can enumerate mostly process's threads,
but a little can not,such as Kaspersky's process,i think he hooked The toolhelp functions ,i purpose to make a new "task manager",it can terminate all processes

I want to use terminatethread to terminate process,but some process's theads I can't get them

I want to get system all threads use NTQuerySytemInformation',
How can I do?

When I used "CreateToolhelp32Snapshot" list processes,I found I coudn't
get the Kaspersky's service process true PID,How can I get it.

I can get any process's imagepath,but Kaspersky's service process can't ,

How can I do?

My application run in administrator account.
The error is "project project1.exe raised exception class EExternalException with message 'External exception C0000008'.Process stopped.Use Step or Run to continue.";

When I using process(PID).ParentProcess.ExeFile to get the Local
service's exefile(such as alg.exe,svchost.exe),there is an error.

why?Whether I can get it?

Thank you very much!

Can we Enum Hooks of the installed system hooks ?

Thanks, but I also have a problem,my code is: function CreateRemoteThreadCallback(hProcess: THandle; lpThreadAttributes: Pointer; dwStackSize: DWORD; lpStartAddress: TFNThreadStartRoutine; lpParameter: Pointer; dwCreationFlags: DWORD; var lpThreadId: DWORD): THandle; stdcall; begin result:=CreateRem...

I want to inject this dll into applications, only.when the application trying to using "CreateRemoteThread",to Forbid it.

I'm trying to hook CreateRemoteThread.But, When i start hook this API, My Windows XP face a blue screen(OS Crash). Please, let me know what was wrong in my Code,and why? My code is: var CreateRemoteThreadNext:function(hProcess: THandle; lpThreadAttributes: Pointer; dwStackSize: DWORD; lpStartAddress...