Search found 28 matches

by jgh0721
Wed Nov 29, 2023 5:46 am
Forum: madCodeHook
Topic: [question] error code 31..
Replies: 3
Views: 34088

Re: [question] error code 31..

hmm. i got it.

The cause was the use of "/" as a path separator in the pathname of the DLL file when calling InjectLibraryW. We realized that using / as a path separator caused the GetFileHash function inside AddDLL to call ZwCreateFile, which caused ZwCreateFile to fail.
by jgh0721
Thu Nov 23, 2023 2:31 am
Forum: madCodeHook
Topic: [question] error code 31..
Replies: 3
Views: 34088

[question] error code 31..

i use mch 4.2.1 I tried to perform an injection with the procedure below, but I get error code 31. 1. Build the Hook DLL and sign it with SHA256. 2. add the Hook DLL to the driver using madConfigDrv. I used the command line below. madConfigDrv iMonFTS-HookX64.sys iMonFTS-Hook -unsafeStopAllowed -cer...
by jgh0721
Tue Nov 07, 2023 2:24 am
Forum: madCodeHook
Topic: [request] inject dll on specified process(pid) by driver
Replies: 1
Views: 4737

[request] inject dll on specified process(pid) by driver

i use mch 4.2.1 We're making this request for the following reasons First of all, we have already created and are using a driver to notify process launch/termination and we cannot remove this driver. Secondly, only certain processes need to be injected. Therefore, when we called the InjectLibrary fu...
by jgh0721
Fri Oct 25, 2019 4:49 am
Forum: madCodeHook
Topic: Windows XP - Injection doesn't work
Replies: 10
Views: 14583

Re: Windows XP - Injection doesn't work

i use msvc 2015 with update 3( c++ ), and mch 4.1.2+( mch beta, madcollection 2.8.8.9 , because of approvalcallback )
by jgh0721
Thu Oct 24, 2019 2:21 am
Forum: madCodeHook
Topic: Windows XP - Injection doesn't work
Replies: 10
Views: 14583

Re: Windows XP - Injection doesn't work

and, i test with any setting include mask / excludemask on windows xp.

and sam result. :-(
by jgh0721
Wed Oct 23, 2019 8:07 am
Forum: madCodeHook
Topic: Windows XP - Injection doesn't work
Replies: 10
Views: 14583

Re: Windows XP - Injection doesn't work

Yes, This is only Windows XP. Vista ~ Windows 10 works well. ( both of x86 and x64 ) below these options which i use isInjectToSystemProcesses = true ispermanent = false isinjectometroapps = true isuseIATPatching = false isSystemWide = true IncludeMask = * ExcludeMask = GetModuleList-x64.exe|iMonLop...
by jgh0721
Wed Oct 23, 2019 7:14 am
Forum: madCodeHook
Topic: Windows XP - Injection doesn't work
Replies: 10
Views: 14583

Re: Windows XP - Injection doesn't work

i use below options

all session
system process include
running process include injection
no include mask
some exclude mask( smss.exe wininit.exe etc.... )
by jgh0721
Wed Oct 23, 2019 6:28 am
Forum: madCodeHook
Topic: Windows XP - Injection doesn't work
Replies: 10
Views: 14583

Windows XP - Injection doesn't work

Recently, when we try injection on Windows XP using MadCodeHook, we confirmed that injection fails with very high probability. OS: Windows XP SP3 MCH : madCollection 2.8.8.9(beta) Symptom 1: It is not injected into the processes already in place, but then injected into the processes that are execute...
by jgh0721
Thu Aug 29, 2019 8:35 am
Forum: madCodeHook
Topic: [Request] DLL Approval Callback
Replies: 16
Views: 22734

Re: [Request] DLL Approval Callback

tested with latest build by first binaries( dual sign )

os : windows 10, 1903, 18362.10015, x64
dll : vs2015 target xp, release build

test result : works for me( very well!! )

ps. can I reliably obtain the handle of the process inside the dll approval callback?
ps. release date ETAs?
by jgh0721
Thu Aug 29, 2019 1:49 am
Forum: madCodeHook
Topic: [Request] DLL Approval Callback
Replies: 16
Views: 22734

Re: [Request] DLL Approval Callback

sorry for late reply. 1) test for your dlls. and works for me, windows 10. so i test my own dlls, sys. but failed. i didn't use *any* PE Packer or PE Protector at all. when only dual sign (SHA1, SHA256) test failed. so, i test only sha1 sign test, but failed. current running process approval callbac...
by jgh0721
Wed Aug 28, 2019 12:44 am
Forum: madCodeHook
Topic: [Request] DLL Approval Callback
Replies: 16
Views: 22734

Re: [Request] DLL Approval Callback

Thank you for reply.

In addition, would it be a problem for my system to kill the process inside Dll Approval Callback?
by jgh0721
Tue Aug 27, 2019 6:37 am
Forum: madCodeHook
Topic: [Request] DLL Approval Callback
Replies: 16
Views: 22734

Re: [Request] DLL Approval Callback

Windows 10 , 1903, 18362.10015, X64

On x64 Service, i set include mask totalcmd.exe|totalcmd64.exe ,

but i received only when totalcmd64.exe launched. besieds, only once.

i attachments my sys,dlls. Driver Name = "iMonLOPE1020", driver and dll signed.
by jgh0721
Tue Aug 27, 2019 4:15 am
Forum: madCodeHook
Topic: [Request] DLL Approval Callback
Replies: 16
Views: 22734

[Request] DLL Approval Callback

64bit service both inject x86 and x64 dll.
but, i cannot receive dll approval callback when x86 process injected.

Also, at the moment, once a process is approved, it doesn't ask if it is run again, but I want to ask every time a process is run.
by jgh0721
Thu Nov 29, 2018 1:41 am
Forum: madCodeHook
Topic: [Request] DLL Injection Approval Callback
Replies: 10
Views: 12872

Re: [Request] DLL Injection Approval Callback

sorry for late reply... first, for a while, i attempt to build 64bit service... but, i coudln't make because of using custom qt framework. - i using custom made qt framework 4.8.7 ( backport from qt 5.x ) code : https://gitlab.com/JungGyuHo/QtForWin second, my company's auto update system don't supp...
by jgh0721
Tue Nov 20, 2018 4:21 am
Forum: madCodeHook
Topic: [Request] DLL Injection Approval Callback
Replies: 10
Views: 12872

Re: [Request] DLL Injection Approval Callback

Thanks for reply. hmm,... Even if I make the service 64-bit version, I still need an injector because I need to control both 32-bit and 64-bit processes( and dll ). for example. 32bit os service( x86 ) : injecting x86 process, receiving ipc message from x86 dll 64bit os service( x64 ) : injecting x6...