Search found 5 matches

by raners
Wed Feb 13, 2019 2:41 pm
Forum: madCodeHook
Topic: Windows 10 SearchUI.exe
Replies: 23
Views: 36773

Re: Windows 10 SearchUI.exe

Can anyone expose to us if this method is working (to resume suspended processes)?
by raners
Thu Mar 01, 2018 12:29 pm
Forum: madCodeHook
Topic: InitializeMadCHook() crash when debugging
Replies: 7
Views: 8617

Re: InitializeMadCHook() crash when debugging

Hi again... We now changed the injecting mechanism on debugging machine... Instead of using "Appinit_dlls" registry value, we now build a helping app, which calls "InstallInjectionDriver()" and then "InjectLibrary()" with currently debugged "x.dll" (and we inj...
by raners
Wed Feb 28, 2018 9:14 am
Forum: madCodeHook
Topic: InitializeMadCHook() crash when debugging
Replies: 7
Views: 8617

Re: InitializeMadCHook() crash when debugging

Hmmm, strange... I'm suprised... When I changed the debugging program (which is run when debugging starts), everything works well... No, Foxit Reader is not our program. We're using it in the past because everything worked well... If you want to try, here is the install file: https://0patch.com/poc/...
by raners
Wed Feb 28, 2018 7:19 am
Forum: madCodeHook
Topic: InitializeMadCHook() crash when debugging
Replies: 7
Views: 8617

Re: InitializeMadCHook() crash when debugging

An error popup appears: First-chance exception at 0x778e1d26 (ntdll.dll) in Foxit Reader.exe: 0xC0000005: Access violation writing location 0x00000014. Disassembly: { if (seia(count, ea, NULL, &dacl)) 64A37950 8D 45 B0 lea eax,[dacl] 64A37953 50 push eax 64A37954 6A 00 push 0 64A37956 8D 8D 20 F...
by raners
Tue Feb 27, 2018 3:00 pm
Forum: madCodeHook
Topic: InitializeMadCHook() crash when debugging
Replies: 7
Views: 8617

InitializeMadCHook() crash when debugging

Hi! Today, after a long time, we need to debug some new code in our project and it turns out that when tried to debugging, the program crashed on InitializeMadCHook() - more specific in function InitSecurityAttributes() (file ObjectTools.cpp). We are using MCH 4.0.4 and when debugging, the program c...