hmm. i got it.
The cause was the use of "/" as a path separator in the pathname of the DLL file when calling InjectLibraryW. We realized that using / as a path separator caused the GetFileHash function inside AddDLL to call ZwCreateFile, which caused ZwCreateFile to fail.
Search found 28 matches
- Wed Nov 29, 2023 5:46 am
- Forum: madCodeHook
- Topic: [question] error code 31..
- Replies: 3
- Views: 34212
- Thu Nov 23, 2023 2:31 am
- Forum: madCodeHook
- Topic: [question] error code 31..
- Replies: 3
- Views: 34212
[question] error code 31..
i use mch 4.2.1 I tried to perform an injection with the procedure below, but I get error code 31. 1. Build the Hook DLL and sign it with SHA256. 2. add the Hook DLL to the driver using madConfigDrv. I used the command line below. madConfigDrv iMonFTS-HookX64.sys iMonFTS-Hook -unsafeStopAllowed -cer...
- Tue Nov 07, 2023 2:24 am
- Forum: madCodeHook
- Topic: [request] inject dll on specified process(pid) by driver
- Replies: 1
- Views: 4775
[request] inject dll on specified process(pid) by driver
i use mch 4.2.1 We're making this request for the following reasons First of all, we have already created and are using a driver to notify process launch/termination and we cannot remove this driver. Secondly, only certain processes need to be injected. Therefore, when we called the InjectLibrary fu...
- Fri Oct 25, 2019 4:49 am
- Forum: madCodeHook
- Topic: Windows XP - Injection doesn't work
- Replies: 10
- Views: 14900
Re: Windows XP - Injection doesn't work
i use msvc 2015 with update 3( c++ ), and mch 4.1.2+( mch beta, madcollection 2.8.8.9 , because of approvalcallback )
- Thu Oct 24, 2019 2:21 am
- Forum: madCodeHook
- Topic: Windows XP - Injection doesn't work
- Replies: 10
- Views: 14900
Re: Windows XP - Injection doesn't work
and, i test with any setting include mask / excludemask on windows xp.
and sam result.
and sam result.
- Wed Oct 23, 2019 8:07 am
- Forum: madCodeHook
- Topic: Windows XP - Injection doesn't work
- Replies: 10
- Views: 14900
Re: Windows XP - Injection doesn't work
Yes, This is only Windows XP. Vista ~ Windows 10 works well. ( both of x86 and x64 ) below these options which i use isInjectToSystemProcesses = true ispermanent = false isinjectometroapps = true isuseIATPatching = false isSystemWide = true IncludeMask = * ExcludeMask = GetModuleList-x64.exe|iMonLop...
- Wed Oct 23, 2019 7:14 am
- Forum: madCodeHook
- Topic: Windows XP - Injection doesn't work
- Replies: 10
- Views: 14900
Re: Windows XP - Injection doesn't work
i use below options
all session
system process include
running process include injection
no include mask
some exclude mask( smss.exe wininit.exe etc.... )
all session
system process include
running process include injection
no include mask
some exclude mask( smss.exe wininit.exe etc.... )
- Wed Oct 23, 2019 6:28 am
- Forum: madCodeHook
- Topic: Windows XP - Injection doesn't work
- Replies: 10
- Views: 14900
Windows XP - Injection doesn't work
Recently, when we try injection on Windows XP using MadCodeHook, we confirmed that injection fails with very high probability. OS: Windows XP SP3 MCH : madCollection 2.8.8.9(beta) Symptom 1: It is not injected into the processes already in place, but then injected into the processes that are execute...
- Thu Aug 29, 2019 8:35 am
- Forum: madCodeHook
- Topic: [Request] DLL Approval Callback
- Replies: 16
- Views: 23180
Re: [Request] DLL Approval Callback
tested with latest build by first binaries( dual sign )
os : windows 10, 1903, 18362.10015, x64
dll : vs2015 target xp, release build
test result : works for me( very well!! )
ps. can I reliably obtain the handle of the process inside the dll approval callback?
ps. release date ETAs?
os : windows 10, 1903, 18362.10015, x64
dll : vs2015 target xp, release build
test result : works for me( very well!! )
ps. can I reliably obtain the handle of the process inside the dll approval callback?
ps. release date ETAs?
- Thu Aug 29, 2019 1:49 am
- Forum: madCodeHook
- Topic: [Request] DLL Approval Callback
- Replies: 16
- Views: 23180
Re: [Request] DLL Approval Callback
sorry for late reply. 1) test for your dlls. and works for me, windows 10. so i test my own dlls, sys. but failed. i didn't use *any* PE Packer or PE Protector at all. when only dual sign (SHA1, SHA256) test failed. so, i test only sha1 sign test, but failed. current running process approval callbac...
- Wed Aug 28, 2019 12:44 am
- Forum: madCodeHook
- Topic: [Request] DLL Approval Callback
- Replies: 16
- Views: 23180
Re: [Request] DLL Approval Callback
Thank you for reply.
In addition, would it be a problem for my system to kill the process inside Dll Approval Callback?
In addition, would it be a problem for my system to kill the process inside Dll Approval Callback?
- Tue Aug 27, 2019 6:37 am
- Forum: madCodeHook
- Topic: [Request] DLL Approval Callback
- Replies: 16
- Views: 23180
Re: [Request] DLL Approval Callback
Windows 10 , 1903, 18362.10015, X64
On x64 Service, i set include mask totalcmd.exe|totalcmd64.exe ,
but i received only when totalcmd64.exe launched. besieds, only once.
i attachments my sys,dlls. Driver Name = "iMonLOPE1020", driver and dll signed.
On x64 Service, i set include mask totalcmd.exe|totalcmd64.exe ,
but i received only when totalcmd64.exe launched. besieds, only once.
i attachments my sys,dlls. Driver Name = "iMonLOPE1020", driver and dll signed.
- Tue Aug 27, 2019 4:15 am
- Forum: madCodeHook
- Topic: [Request] DLL Approval Callback
- Replies: 16
- Views: 23180
[Request] DLL Approval Callback
64bit service both inject x86 and x64 dll.
but, i cannot receive dll approval callback when x86 process injected.
Also, at the moment, once a process is approved, it doesn't ask if it is run again, but I want to ask every time a process is run.
but, i cannot receive dll approval callback when x86 process injected.
Also, at the moment, once a process is approved, it doesn't ask if it is run again, but I want to ask every time a process is run.
- Thu Nov 29, 2018 1:41 am
- Forum: madCodeHook
- Topic: [Request] DLL Injection Approval Callback
- Replies: 10
- Views: 13136
Re: [Request] DLL Injection Approval Callback
sorry for late reply... first, for a while, i attempt to build 64bit service... but, i coudln't make because of using custom qt framework. - i using custom made qt framework 4.8.7 ( backport from qt 5.x ) code : https://gitlab.com/JungGyuHo/QtForWin second, my company's auto update system don't supp...
- Tue Nov 20, 2018 4:21 am
- Forum: madCodeHook
- Topic: [Request] DLL Injection Approval Callback
- Replies: 10
- Views: 13136
Re: [Request] DLL Injection Approval Callback
Thanks for reply. hmm,... Even if I make the service 64-bit version, I still need an injector because I need to control both 32-bit and 64-bit processes( and dll ). for example. 32bit os service( x86 ) : injecting x86 process, receiving ipc message from x86 dll 64bit os service( x64 ) : injecting x6...