Search found 21 matches

by alfaunits
Thu Jun 23, 2016 3:46 pm
Forum: madCodeHook
Topic: Getting a debug break point in WinDBG/VMWare
Replies: 2
Views: 12395

Re: Getting a debug break point in WinDBG/VMWare

I actually don't have a Delphi, but C DLL, though the try/except is the same thing.
It doesn't work, once WinDBG is triggered, as soon as I am out of the DebugBreak() call, the exception gets propagated to the application, and is not captured by try/except.
by alfaunits
Thu Jun 16, 2016 4:19 pm
Forum: madCodeHook
Topic: Getting a debug break point in WinDBG/VMWare
Replies: 2
Views: 12395

Getting a debug break point in WinDBG/VMWare

As a debugging technique, I am trying to get the hook DLLs to trigger a debug break point. The DLLs are tested inside VMs (VMWare) and WinDBG is attached to the VM for kernel debugging/exe. This also allows me to somewhat debug the DLLs. Does anyone know how I can trigger a debug break point from my...
by alfaunits
Thu Dec 03, 2015 2:05 am
Forum: madCodeHook
Topic: CopyFile error code is 5 (Access is denied)
Replies: 4
Views: 5443

Re: CopyFile error code is 5 (Access is denied)

Not the case here exactly, but it is a sandbox issue. Since the copy works from the Hook Init and not from the hooked API itself. The DLL initialization happens inside the main process, whereas the hook is called from the sandboxed process. Sandboxed processes in IE, whether Protected Mode is on, or...
by alfaunits
Thu Dec 03, 2015 2:02 am
Forum: madCodeHook
Topic: Windows 10 support
Replies: 49
Views: 95697

Re: Windows 10 support

I was not aware that XP SP3 supports SHA2, that is nice! As long as XP x64 and Vista x64 SP1 do, then there is absolutely no reason for SHA-1 now.

Anyway, I have contacted GS and DigiCert (we have both certs, two different companies). Both can issue SHA1 and SHA2 at the same time! If you need them.
by alfaunits
Fri Nov 27, 2015 8:04 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

Hmm, that seems plausible! It will require lots of rewrite, but it is possible.
by alfaunits
Thu Nov 26, 2015 3:29 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

We would need a separate thread for this also :( Since the callback would be during processing of SendIpcMessage (from our DLL to our app, our app would then need to send a callback, and NOT finish processing the IPC message still) What is done: - DLL hooks file copy operations (for non-security rea...
by alfaunits
Wed Nov 25, 2015 11:46 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

Hmm. We do create an IPC queue in our apps, but that queue serves for DLLs to send messages to us - whereas, we need to send some callback messages (during file copy, for progress) to each DLL individually (so we cannot use the IPC queue created by the apps for the reply) I have tinkered with doing ...
by alfaunits
Wed Nov 25, 2015 6:42 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

I have created a dummy DLL, that solely calls the InitIPC as I said above. Here is the entire code of the DLL: #include <windows.h> #include <stdio.h> #include <string.h> #include <shobjidl.h> #include <Shlobj.h> #include <malloc.h> #include <crtdbg.h> #include "madCHook.h" DWORD dwIpcQueu...
by alfaunits
Wed Nov 25, 2015 6:25 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

I don't think it works at all - it tells me the binary is not correctly signed.
The UI supposedly loads, but DebugView shows system output that says the driver is not properly signed, and cannot be loaded. (I am running PrintMonitor64.exe As Admin)
by alfaunits
Wed Nov 25, 2015 6:08 pm
Forum: madCodeHook
Topic: Windows 10 support
Replies: 49
Views: 95697

Re: Windows 10 support

I talked to them today, and indeed they can issue an SHA1 cert for us alongside the SHA2 that we have!
by alfaunits
Wed Nov 25, 2015 4:57 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

I thought so, but this is one extremely cut down example that causes issues on Windows 10 in general, Edge is just the easiest to reproduce, because it always faults.

Please try a simple DLL with just that code, or I can send you our binary with just that much.
by alfaunits
Wed Nov 25, 2015 1:31 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

Re: IPC Queue and Windows 10 x64

Any ideas on this?
by alfaunits
Tue Nov 24, 2015 6:27 pm
Forum: madCodeHook
Topic: Windows 10 support
Replies: 49
Views: 95697

Re: Windows 10 support

Technically, we'll need it, won't we?

And how did you get an SHA1 certificate from GS this late? They only allowed SHA2 when I renewed during summer.
by alfaunits
Sun Nov 22, 2015 5:40 pm
Forum: madCodeHook
Topic: Windows 10 support
Replies: 49
Views: 95697

Re: Windows 10 support

This is an FYI, as I am testing on Windows 10 only now. I use signtool to sign the madCodeHook drivers with an SHA2 NON-EV certificate, and the drivers load on Windows 10 x64. This is exactly how they were signed before. This also works for Windows 7 x64 (which enforces driver signing), as there is ...
by alfaunits
Sun Nov 22, 2015 5:32 pm
Forum: madCodeHook
Topic: IPC Queue and Windows 10 x64
Replies: 13
Views: 11158

IPC Queue and Windows 10 x64

We have found that when our DLLs are injected on Windows 10 x64, Microsoft Edge just won't start (Element not found error is reported after a few seconds, and if I try to run Edge again before that popup window, some other error occurs as well). I am mentioning Edge, because it always reproduces the...