madshi.net

Kind of found the problem. If I remove the MessageBoxW call from the HookProcessCreation.dll demo, everything works as expected. I suspect that MessageBoxW internally does some wide<->ansi conversion and thus violates hooking rule 7... :( Anyway, it's not a bug in madCodeHook. This behaviour is exac...

No. Hmmm... Well, it should be smaller than 2 GB...

Bin durch ausprobieren auf folgende Lösung gekommen: Compiliere ich die MadExcept DCUs ins Exe direkt mit rein, dann scheint alles zu funktionieren. Nehme ich "MadExcept_" in die Liste der Laufzeitpackages des EXEs auf, dann hängt sich MadExcept offenbar nicht in die Fehlerbehandlung ein....

I guess it's a problem with the HookProcessCreation.dll. But I'll check it.

Well, before going remote you should always test the stuff in your own process. You would have noticed that your code won't run there, either. You have at least one big bug in the code, which is that your NewWndProc needs to be "stdcall".

I've not that much knowledge about winSock functions. So listen to nildo there. Generally: You can remote execute *any* code, as long as you follow the rules. The most important ones are: No usage of global variables/constants (that includes global string constants!). No calls to any functions/APIs ...

madExcept muß sich in das Rtl70.bpl und Vcl70.bpl einklinken. Damit sind dann automatisch alle Module (exe + bpls), die auch Rtl70.bpl und Vcl70.bpl benutzen, von madExcept erfaßt. Allerdings werden Exceptions in Modulen, die nicht Rtl70.bpl und Vcl70.bpl benutzen, nicht automatisch von madExcept er...

If the code was write protected madCodeHook unprotects the code, patches it and then sets the page attribute back to PAGE_EXECUTE_READ. However, the GUARD stuff is ignored right now. I never met a guarded page yet! Do you have an example where madCodeHook is supposed to write to a guarded page?

I'm glad if you help here, cause that saves me time!

Hey, I think I can stop giving advices here. nildo is doing it just fine... :D Just some comments: (1) Using madCodeHook.Create/OpenGlobalFileMapping is recommend, because those functions work over the boundaries of XP fast user switching sessions. (2) mutantc0der, first you ask how you can send con...

If you want madExcept to catch exceptions in a exe + runtime bpl environment, you need to integrate madExcept into the exe project. You can do so by loading your exe project in Delphi, then in the project menu in the madExcept settings for your project by checking the option "handle exceptions&...

But you will then be unable to uninject the dll, due to the built-in protection against uninjecting. Well, you can kind of work around it. Your dll can during initialization check whether you're running inside of ZoneAlarm. If you do, just let DllEntryPoint fail (in Delphi by setting ExitCode to so...

When hooking APIs like CreateFile + CloseHandle system wide you have to very careful with what you do. Performance might be a problem, if your hook callback functions do too much work. The hook itself should not be a problem, though. Please make sure that you follow all hooking rules (see madCodeHoo...

Windows Management Instrumentation

OK that's a good hint. But how do I find that a dll is NOT in use anymore? In that case it could be replaced (without tricks like renaming) by just overwriting! We would have to delete the entry from the cache as soon as the file is not in use anymore. Hmmm... Wouldn't ReadDirectoryChangesW also re...