madshi.net

What API are you hooking in PhotosApp.exe on Windows 11 and is your project code in Delphi or c/c++? The main 2 or 3 things I can think of off the top of my head are the code design does not allow for disassembly that allows for this, it might be prone to a crash or too short, and the 2nd thing I ca...

I've tested the print monitor driver that comes with the demo and is pre-signed by Madshi in Safe Mode. I was only able to load the driver in Safe Mode after adding the proper entries to SafeBoot key and disabling SecureBoot. When SecureBoot was enabled and test signing was off it failed unfortunate...

Quick update, I've just run a couple of tests on Windows 10 Pro 22H2 x64 and a couple of standard drivers (not function or filter drivers, just basic) loaded fine for me in SafeMode even with SecureBoot enabled. I also checked if the driver was *truly* loaded and it was, the product worked as expect...

Your entries in the Registry seem ok to me after looking at them. It may be worth deleting the "Start Type" still present in your entry. If this is a newer Windows "Safe Boot" issue then clearly other 3rd-party drivers are also affected. On Windows 7 all works fine which usually ...

Hello, If you look at my original post I mention the error code STATUS_NOT_SAFE_MODE_DRIVER specifically. But, NtLoadDriver() still works fine here on Windows 7 Pro x64 in Safe Mode/Safe Boot. If MCH's driver is loading fine for you in "normal" boot it must definitely be an issue with Safe...

Hello, This is definitely a Windows Safe Mode issue with your driver. I know this because I booted up Windows 7 Pro x64 and was able to load MCH's driver without issue *only* after adding the entry to the SafeBoot Registry area. I could load and unload perfectly fine. If you try loading the MCH driv...

Hello, Safe Mode's purpose is to load only required system drivers in hopes of keeping 3rd party drivers from loading unless you're a filter driver or other driver tied into the system at a lower layer. This increases the chances of the system properly booting in case of some other buggy driver that...

@wandersonpaiva, I would likely guess it's accessing an already freed (and likely NILed) object, but it's hard to say of course with your exception log in this thread alone. I am curious however why you're using ScktComp with TClient/ServerSocket? It's riddled with issues and isn't nearly as develop...

A simple reboot fixed the problem

Great! In looking into drag and drop we now can add support for instances that can be elevated so it will also work properly, otherwise I'd have not looked at the D'nD code to begin with.

--Iconic

SteveG, Are you by chance running MadExcept Viewer with elevated rights (administrative rights)? If so, drag and drop support in the app would require a modified window filter due to UIPI from Vista up. I checked the viewer code and it does not add the necessary window messages to support such a cas...

Yes, in order to inject into UWP/Metro apps you must include that flag, it's not included automatically. Glad you were able to figure it out and have it working. Also, just a note, as Madshi said your DLL file will need the security permissions "ALL APPLICATION PACKAGES" and on newer OSes ...

Good catch, thank you for pointing this out

--Iconic

GetTickCount()/GetTickCount64() is not process or thread-based, it simply counts the CPU ticks (clock ticks) since the system booted. OS Suspension/Hibernation has absolutely no effect on the API whatsoever.

--Iconic

Thanks for reporting back to us

--Iconic

Hello, Here's the quick explanation of Docker injection, we've updated MCH to support injection for such cases to work with Docker but it's only currently for usermode last I checked (InjectLibrary(non-system-driver-flag-or-processhandle)). Basically, the older versions of MCH relied on the fact tha...