madshi.net

Great! Thanks!

Hey everyone, I want to make a small application for a research that hooks functions that I don't know their signature and simply trace the parameters of a predefined stack size. I was thinking of making my replaced function an ellipsis function, but than, how would I make the call to the original f...

Also, I've use an IPC mechanism I have to try and unhook before the dll main (before uninjecting the libraries) and it still crashes.

Sending by mail...

no...

1. I do use the latest version. btw, is there a way to verify what is the installed version?

2. I did not succeed in reproducing it on a small scale demo, and I don't have the source code. I can try and produce a dump if you like.

Hey, This is somewhat continuation of "Unhooking on process destroy and manual uninject issues" thread. In the PROCESS_DETACH I am unhooking all the hooks using UnHookCode(). In case the hooks have been unhooked before PROCESS_DETACH the UnHookCode() function simply fails. The problem is t...

1. Okay, I'll move FinalizeMadCHook to be the last thing in the DLL_PROCESS_DETACH (that means that manual unhook will actually perform the unhooking).
2. I will try to reproduce it in a small project
3. No I don't

I do call it, but I am calling it after the cleanup. I'll call it first.
I will also call the unhook manually (just to be sure....)

The current workaround works fine for me.

Do you want me to help out debugging the auto-unhook? Its pretty easy for me to reproduce....

Hey, I have a feature request, calling an exported function in the injected DLL after successful injection (not in DLL_PROCESS_ATTACH context) another exported function before DLL_PROCESS_DETACH during the uninject process. This will make the initialization and cleanup process easier. Of course we i...

An update: If I uninstall myself during DLL_PROCESS_DETACH it does work (tried 3 times, but looks okay so far). The point is that it in some applications the functions are getting cleaned-up successfully, so UnhookCode() fails with GetLastError()==0 (my last question). So my current workaround is to...

Hey,
Sorry it took me a few days.

I am sure that the hooks have not been removed before DLLMain() with DLL_PROCESS_DETACH.
I am hooking CoCreateInstance(), in the DLL_PROCESS_DETACH I called CoCreateInstance() and it reached my hooked function.

So what is the next step of debugging this ?

2. When I wrote I uninject manually I meant using "UninjectAllLibraries()" function. Sorry, I thought it goes through the driver. I will recheck again, but I am pretty sure. I *sometimes* get a create when CoCreateInstance() (my CoCreateInstance) is being called. I just thought that I can ...

Hey, I recently learned (through a post in this forum) that when I uninject all uninjected DLLs (inject using the driver) I don't need to unhook manually because all the functions get unhooked automatically before PROCESS_DETACH. I have few questions regarding this: 1. In case the process dies (bein...

Sorry took me some time to answer, I wanted to be sure that's the problem.
It seems there is a resource leak in OpenSSL and than was the problem.

Thanks again!