Search found 1065 matches

by iconic
Sun Jan 08, 2006 1:42 am
Forum: madCodeHook
Topic: Using madCodeHook from DevC++?
Replies: 32
Views: 21772

I've never tried it with anything other than MSVC++ and Delphi. The Dev-C++ IDE internally pipes out to GCC, so maybe you should refer to GCC's documentation or a newsgroup that might also have had linking import reference problems.

--Iconic
by iconic
Fri Jan 06, 2006 10:46 pm
Forum: madCodeHook
Topic: Virus Alert with actual Version 2.2.1.1
Replies: 10
Views: 7696

I'm pretty sure it's old so I wouldn't worry too much about the AV false positive. Power comes with responsibility; if someone uses your collection for malicious purposes they are disrespecting your wishes intentionally and ruining a great library for others. With all due respect I would have never ...
by iconic
Fri Jan 06, 2006 8:14 pm
Forum: madCodeHook
Topic: Virus Alert with actual Version 2.2.1.1
Replies: 10
Views: 7696

my 2 cents

After compiling an own NT service which is using the actual Version of madchook.dll (I used Delphi 2005) I got false alerts from Symantec's Enterprise Edition which finds an OptixPro .13 Trojan. The Trojan itself is found in the EXE file of the service, NOT in the dll-file. When I remove the "MA...
by iconic
Fri Jan 06, 2006 7:42 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

dharber, since this seems to be very important to you I might ask one additional question: have you tried doing some fashion of logging processes when it comes to injecting into them? In other words, when you check for the process of interest in DLL main's dll_process_attach you could log _which_ pro...
by iconic
Fri Jan 06, 2006 7:33 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

You can verify that with this: start your application, call InjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'inject.dll'); and then exit your program. After that you can (if you are on XP or higher) use tasklist, which comes with this OS, to determine which dll modules are loaded into which processes,...
by iconic
Fri Jan 06, 2006 7:30 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

The DLL stays injected unless the injector (your main app) calls UninjectLibrary(.., ..);

--Iconic
by iconic
Fri Jan 06, 2006 7:19 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

Madshi, awesome! Yeah, the var section is relocated to the proper (Delphi-wise) reserved var area for local variable declarations, but the fact that I don't have to scroll up sometimes hundreds of lines to declare a variable is somewhat of a time-saver, at least for me =) Well keep up the incredible wo...
by iconic
Fri Jan 06, 2006 7:07 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

I see, well the only reason I mentioned it is because the mem mgr is supposed to be redesigned, refactoring support improved, operator overloading added (I think it was DeXter for this), var declarations are now permitted in begin..end blocks, similar to C/C++ var decs in the middle of a function as...
by iconic
Fri Jan 06, 2006 6:58 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

Madshi

In regards to what you said, I completely agree with why your customers would use this approach; it's simply effective and gets the job done without needing to poll process threads with the chance of missing calls from the time you would detect the process creation and inject your dll. I hear you lou...
by iconic
Fri Jan 06, 2006 6:46 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

As far as setting off alarms, system-wide injection is notorious for such bells and whistles, Madshi. Most new-age AV software and firewalls have forms of injection stoppage; actually some will allow you to permit/deny the action based on the user's response to the alert. The code injection site (in h...
by iconic
Fri Jan 06, 2006 6:42 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

Both is a polling approach, which is not only ugly and time consuming, but it will also result in an injection delay. The target process will be up for some milliseconds before the hook dll is injected. So some important API calls might not be hooked.

Agreed, I only mentioned those methods particul...
by iconic
Fri Jan 06, 2006 6:30 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

Does UninjectLibrary only return false when you're attempting to call it in the process_detach event? I think maybe Madshi is the only one who can advise you with that issue since I don't program in C# and, more importantly, I didn't write his functions :( I understand what you mean though, if injectl...
by iconic
Fri Jan 06, 2006 6:19 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

..

If I was only concerned about only 1 process in particular I believe that injecting into multiple processes is somewhat overkill, imho. Although it makes a lot of sense to do this and check in dll_process_attach for the right given process and, if it's not the right one, return false, but agai...
by iconic
Fri Jan 06, 2006 5:58 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

yeah it sounds like that is what he is doing

I normally start the process myself with your CreateProcessEx(), which behaves like Windows CreateProcess but patches the target with the DLL with the additional parameter in your function; it works well. As far as using the method you described that some of your customers use, I haven't done that in...
by iconic
Fri Jan 06, 2006 5:43 pm
Forum: madCodeHook
Topic: UnhookAPI fails
Replies: 30
Views: 20914

forgot to mention it

If you fill the InjectLibrary function's 1st param with a process handle obtained via OpenProcess etc., that is considered "thread-specific hooking", meaning you are only affecting one process, period. Your DLL is never mapped into the address space of any other process other than the proc...