madshi.net

Hi Can I hook the file I/O APIs in WSL(Windows Subsystem for Linux)? For example when Ubunbu is installed on Windows 10 and "ls" command is issued, I'd like to hook the file I/O APIs. According to MSDN, the system calls on Linux is converted to the native Windows API by lxss.sys and lxcore...

I moved SHGetFolderPath() from hook dll to hook application(exe). And whenever hook dll needs to call SHGetFolderPath() it sends a request to hook application via MCH IPC.

And now everything works well.

Thank you madshi and iconic.

Here's what I've found out so far. "Shell32.dll" causes dwm.exe to malfunction for some reason. If my hook dll is dependent on Shell32.dll staticlly, when dwm.exe is injected my hook dll, Shell32.dll is loaded automatically and the black screen issue I mentioned occurs. So If I change my h...

After revmoing all statically linked libs(including madCodeHook lib), unused headers and c/c++ files from the dll, the black screen issue never happens.

I'll find out what caused the problem and leave the result soon.

1) Yes, I mean shutting down the computer by clicking Windows start button -> shutdown menu. 2) Yes, the hooking application is restored from hibernated state to running state again. So its process ID is not changed and I'm not calling InjectLibrary() again. 3) I've not tried that. My dll(which is i...

Update:

The cause was C:\Windows\System32\dwm.exe.

This process is classifed as "user process" by MCH. When I exclude this process explicitly in InjectLibrary, black screen does not appear.

I have an issue when injecting a dll into user processes. When Windows 10's fast startup is enabled, after turning on Windows, black screen is shown. 1. My hooking application(.exe) is launched by a Windows Service application. That is to say my service process(exe) launches my hooking application(e...

I've figured it out. It turns out that the implementation of SendIpcMessage() in Windows 7 conflicts with NtOpenProcess() hooking.

In my NtOpenProcess() hook function I blocked opening my exe process and that was the cause.

Thank you..

I've found a SendIpeMessage() bug on Windows 7(32/64bit). I'm using madCodeHook v3.1.13 In a hook dll, I call SendIpcMessage() like this: OutputDebugString(L"IPC Start"); SendIpcMessage("MyIpcName", (void*)&requestMessage[0], requestMessage.size(), &responseBuffer[0], siz...

Thank you madshi.

I've found the cause and resolved the problem.

madConfigDrv.exe was not the cause. Wrong signtool.exe was called.

Thank you..

Hi, I've found some weird bug in madConfigDrv.exe. To reproduct the bug: * Development environment: Windows 10, x64 machine, Visual Studio 2015(SP5) 1) Set up a Win32 empty project on Windows 10 and Visual Studio 2015(SP5). 2) In Post Build Event, set madConfigDrv.exe script(e.g. madConfigDrv.exe Xx...

Hi..

Injecting a dll into "services.exe" process in Windows 8.1 seems to be problematic.

InjectLibrary() returns true, but the dll is not loaded into services.exe.

But the same code works perfectly in Windows 7/XP.

Is there any way to work around this issue?

Thanks..

Hi.. I'm trying to hook connect() api for Internet Explorer 11 on Windows 8.1, but I can't figure out what API IE11 uses to connect to foreign hosts. I've tried connect(), ConnectEx(), WSAConnect(), WSAConnectByNameA(), WSAConnectByNameW() and WSAConnectByList() without any luck. I know this is not ...

1. The problem also occurs when the DebugOutputString() lines are removed.

2. I have reproduced the problem with your PrintMonitor demo. See the attached screenshot.

I found a very weird problem. Chrome web browser freezes after being hooked. Here's the source code for DLL: #define WIN32_LEAN_AND_MEAN #include <Windows.h> #include <WinSock2.h> #include "madCHook.h" static int (WINAPI *CloseSocketNext)(SOCKET s); static int WINAPI OnCloseSocketCalled1(S...