madshi.net

UAC (not AUC dyslexia dixit) dialog ask for elevated privileges .

i will try with last beta. Thanks again!

hi,

This also seems to happen with the AUC. If start a process with "run as admin" the hooks will work, but the ipc message does not arrive.

Tested win10, win8.1 + mch4 last beta.

i will try to generate one, but it can't be difficulty because is the environment of a customer. I will send you a PM.

as usual, fast like lightning madshi

are from chrome, not mine.
if not running AV or inject without FOLLOW_JMP the uninjection is done correctly

Hi everyone, Mch4 in windows10 (aniversary with secure boot disabled), has the same behavior described in the thread http://forum.madshi.net/viewtopic.php?f=7&t=28319 if the antivirus (symantec EndPoint Protection 12.1.16) and chrome (56.0.2924.87 (Official build) (64 bits)) are present, the FOL...

this makes a lot of sense, vielen dank madshi!

well, I'm not sure but I think the hook only collects the calls of process itself. The debugger only stops at the calls to ntopenfile of the process itself. With createproccessw stop in every call. guess i'm doing something wrong but do not see it.

hi madshi!

madshi wrote:What is the problem exactly?

the hook ntopenfile seems not to work in systemwide, the CreateProcessW works without problem

:S

Hi, i'm still trying, without any luck, to wide hook the ntopenfile and ntcreatefile with v3 of madcodehook in win7 32b. In debug mode only catch the call's of self process,i'm injecting the dll with dllinjector32.exe (without problem). In the same dll was CreateProcessW hook and works fine. NTSTATU...

solved, for the docu!

win7 does not support sha-256 (waiting for a patch) for kernel drivers!!!!

solution: Reissue the cert as sha-1.

now i can sign the driver!

ok thanks madshi, I'll contact globalsign support.

re-signing the driver make the injection fail. I try to sign it with the tool from GlobalSign (without erros) with the same result, fail to inject.

you want test with the driver signed by me?

Hi madshi, Your code runs fine -ofcourse- And yes, i only change the name of the cert, download the mscross from http://go.microsoft.com/fwlink/?LinkId=321777 (Global sign) The only difference I see is in ca name. GlobalSign CodeSigning CA - SHA256 -G2 in my one and GlobalSign CodeSigning CA -G2 in ...

Hi everyone, First of all congratulate you all for the great work! and sorry for my bad English. I'm testing the driver signature HookProcessCreation example with window 7 64bit Home Premium and codehook 3.1.7. Once configured the "configDrivers.bat" with paths, certificate name and AC &qu...