madshi.net

The problem is probably that madCodeHook makes use of a kernel driver for global hooking, and Windows Vista doesn't play nice with drivers (it's a "security feature"). So unless Madshi has some way around that, I recomend you just make your own global hooking code (eg. hook all variants of...

Hey all, I've just been working on a KiFastSystemCall hook using madCodeHook and since it was a bit harder than I would have hoped, I figured I'd share my code (incase someone cares :P). program KiFastSystemCall; uses Windows, madCodeHook, SysUtils; var realKiFastSystemCall: procedure; dwIndexPVM: D...

iconic wrote:

DeleteFileA being the one that sometimes gets aliased to DeleteFile.

DeleteFile being the one that always gets aliased to DeleteFileA.

--Iconic

yes, however you'd like to say it.

DeleteFileA being the one that sometimes gets aliased to DeleteFile.

A temporary soloution would be to modify the driver so it was no longer detected (Usualy just moving some code around, renaming some functions, and changing linker settings does the trick.)

I couldn't seem to make ProcessIdToFileName work. but the issue isnt that it's getting it's own handle, not quite sure what was up really, but i've just decided to use a toolhelp32 snapshot. here's my final working code: library XGBR; {$R 'RSRC.res' 'RSRC.RC'} Uses Windows, TlHelp32, madCHook; var r...

hey again, i've hooked WriteProcessMemory with madCodeHook and i'm trying to get the program to show me what processes it's writing to, so i'm using madRemote's EnumProcesses and it keeps returning "[System Process]" is there anything i can do about that? this is my code: library XGBR; {$R...

yeah, it was happening with everything i tried... turns out i just needed to reboot, the program had sent up some sort of red flag the first time i tried to hook and wasnt running any more (with or without dlls). Got it now anyway, and works with mixture hooking all is well. thanks.

god damnit, sorry it seems to be my dll, and by my dll I mean any delphi compiled dll, that's making it exit. :/ I know this isnt exactly madCodeHook related, but any ideas?

alright thanks. now, and even n00ber question :/ what do i have to set the MIXTURE_MODE flag to to enable it?


edit: or how do i use it :/ because i think i have no idea.

edit2: got it, testing.

I'm rather willing to take that chance. currently madCodeHook is using code overwriting and it is "working" in so much as it sucessfully overwrites the code. Unfortunately the application I'm attempting to hook notices this and exits. And I know for a fact IAT patching works because I've d...

Hey, I'm wondering if it's possible (I'm under the impression it is) to use IAT patching with madCodeHook rather than the overwriting, and if so how i would go about doing that.

Thanks,
Xan

Excelent that agreement seems very fair.

haha you almost nailed it with the third one, yeah. quite close to that.

Hey, I just devised a way to use the free version of madCodeHook in my (non commercial) app without visibly shipping the DLL. Am I allowed to do that? (I didn't modify the dll at all)