I actually don't have a Delphi, but C DLL, though the try/except is the same thing.
It doesn't work, once WinDBG is triggered, as soon as I am out of the DebugBreak() call, the exception gets propagated to the application, and is not captured by try/except.
Search found 21 matches
- Thu Jun 23, 2016 3:46 pm
- Forum: madCodeHook
- Topic: Getting a debug break point in WinDBG/VMWare
- Replies: 2
- Views: 12395
- Thu Jun 16, 2016 4:19 pm
- Forum: madCodeHook
- Topic: Getting a debug break point in WinDBG/VMWare
- Replies: 2
- Views: 12395
Getting a debug break point in WinDBG/VMWare
As a debugging technique, I am trying to get the hook DLLs to trigger a debug break point. The DLLs are tested inside VMs (VMWare) and WinDBG is attached to the VM for kernel debugging/exe. This also allows me to somewhat debug the DLLs. Does anyone know how I can trigger a debug break point from my...
- Thu Dec 03, 2015 2:05 am
- Forum: madCodeHook
- Topic: CopyFile error code is 5 (Access is denied)
- Replies: 4
- Views: 5443
Re: CopyFile error code is 5 (Access is denied)
Not the case here exactly, but it is a sandbox issue. Since the copy works from the Hook Init and not from the hooked API itself. The DLL initialization happens inside the main process, whereas the hook is called from the sandboxed process. Sandboxed processes in IE, whether Protected Mode is on, or...
- Thu Dec 03, 2015 2:02 am
- Forum: madCodeHook
- Topic: Windows 10 support
- Replies: 49
- Views: 95697
Re: Windows 10 support
I was not aware that XP SP3 supports SHA2, that is nice! As long as XP x64 and Vista x64 SP1 do, then there is absolutely no reason for SHA-1 now.
Anyway, I have contacted GS and DigiCert (we have both certs, two different companies). Both can issue SHA1 and SHA2 at the same time! If you need them.
- Fri Nov 27, 2015 8:04 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
Hmm, that seems plausible! It will require lots of rewrite, but it is possible.
- Thu Nov 26, 2015 3:29 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
We would need a separate thread for this also :( Since the callback would be during processing of SendIpcMessage (from our DLL to our app, our app would then need to send a callback, and NOT finish processing the IPC message still) What is done: - DLL hooks file copy operations (for non-security rea...
- Wed Nov 25, 2015 11:46 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
Hmm. We do create an IPC queue in our apps, but that queue serves for DLLs to send messages to us - whereas, we need to send some callback messages (during file copy, for progress) to each DLL individually (so we cannot use the IPC queue created by the apps for the reply) I have tinkered with doing ...
- Wed Nov 25, 2015 6:42 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
I have created a dummy DLL, that solely calls the InitIPC as I said above. Here is the entire code of the DLL: #include <windows.h> #include <stdio.h> #include <string.h> #include <shobjidl.h> #include <Shlobj.h> #include <malloc.h> #include <crtdbg.h> #include "madCHook.h" DWORD dwIpcQueu...
- Wed Nov 25, 2015 6:25 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
I don't think it works at all - it tells me the binary is not correctly signed.
The UI supposedly loads, but DebugView shows system output that says the driver is not properly signed, and cannot be loaded. (I am running PrintMonitor64.exe As Admin)
- Wed Nov 25, 2015 6:08 pm
- Forum: madCodeHook
- Topic: Windows 10 support
- Replies: 49
- Views: 95697
Re: Windows 10 support
I talked to them today, and indeed they can issue an SHA1 cert for us alongside the SHA2 that we have!
- Wed Nov 25, 2015 4:57 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
I thought so, but this is one extremely cut down example that causes issues on Windows 10 in general, Edge is just the easiest to reproduce, because it always faults.
Please try a simple DLL with just that code, or I can send you our binary with just that much.
- Wed Nov 25, 2015 1:31 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
Re: IPC Queue and Windows 10 x64
Any ideas on this?
- Tue Nov 24, 2015 6:27 pm
- Forum: madCodeHook
- Topic: Windows 10 support
- Replies: 49
- Views: 95697
Re: Windows 10 support
Technically, we'll need it, won't we?
And how did you get an SHA1 certificate from GS this late? They only allowed SHA2 when I renewed during summer.
- Sun Nov 22, 2015 5:40 pm
- Forum: madCodeHook
- Topic: Windows 10 support
- Replies: 49
- Views: 95697
Re: Windows 10 support
This is an FYI, as I am testing on Windows 10 only now. I use signtool to sign the madCodeHook drivers with an SHA2 NON-EV certificate, and the drivers load on Windows 10 x64. This is exactly how they were signed before. This also works for Windows 7 x64 (which enforces driver signing), as there is ...
- Sun Nov 22, 2015 5:32 pm
- Forum: madCodeHook
- Topic: IPC Queue and Windows 10 x64
- Replies: 13
- Views: 11158
IPC Queue and Windows 10 x64
We have found that when our DLLs are injected on Windows 10 x64, Microsoft Edge just won't start (Element not found error is reported after a few seconds, and if I try to run Edge again before that popup window, some other error occurs as well). I am mentioning Edge, because it always reproduces the...