Search found 10768 matches
- Thu Jul 01, 2004 3:46 pm
- Forum: madCodeHook
- Topic: Bug in MCH? CreateProcess hook problem under Win NT 4
- Replies: 5
- Views: 8091
Kind of found the problem. If I remove the MessageBoxW call from the HookProcessCreation.dll demo, everything works as expected. I suspect that MessageBoxW internally does some wide<->ansi conversion and thus violates hooking rule 7... :( Anyway, it's not a bug in madCodeHook. This behaviour is exac...
- Thu Jul 01, 2004 3:20 pm
- Forum: madRemote
- Topic: A few Nooberish Questions...
- Replies: 16
- Views: 47279
- Thu Jul 01, 2004 3:17 pm
- Forum: madExcept
- Topic: Register my own Exceptionhandler
- Replies: 5
- Views: 9636
Re: Exe mit Laufzeitpackages
Bin durch ausprobieren auf folgende Lösung gekommen: Compiliere ich die MadExcept DCUs ins Exe direkt mit rein, dann scheint alles zu funktionieren. Nehme ich "MadExcept_" in die Liste der Laufzeitpackages des EXEs auf, dann hängt sich MadExcept offenbar nicht in die Fehlerbehandlung ein....
- Thu Jul 01, 2004 1:38 pm
- Forum: madCodeHook
- Topic: Bug in MCH? CreateProcess hook problem under Win NT 4
- Replies: 5
- Views: 8091
- Thu Jul 01, 2004 1:37 pm
- Forum: madCodeHook
- Topic: SetWindowLong
- Replies: 2
- Views: 7133
- Thu Jul 01, 2004 1:34 pm
- Forum: madRemote
- Topic: A few Nooberish Questions...
- Replies: 16
- Views: 47279
I've not that much knowledge about winSock functions. So listen to nildo there. Generally: You can remote execute *any* code, as long as you follow the rules. The most important ones are: No usage of global variables/constants (that includes global string constants!). No calls to any functions/APIs ...
- Wed Jun 30, 2004 2:52 pm
- Forum: madExcept
- Topic: Register my own Exceptionhandler
- Replies: 5
- Views: 9636
madExcept muß sich in das Rtl70.bpl und Vcl70.bpl einklinken. Damit sind dann automatisch alle Module (exe + bpls), die auch Rtl70.bpl und Vcl70.bpl benutzen, von madExcept erfaßt. Allerdings werden Exceptions in Modulen, die nicht Rtl70.bpl und Vcl70.bpl benutzen, nicht automatisch von madExcept er...
- Wed Jun 30, 2004 10:55 am
- Forum: madCodeHook
- Topic: Restoring VirtualProtection status?
- Replies: 1
- Views: 5112
- Wed Jun 30, 2004 6:44 am
- Forum: madCodeHook
- Topic: Share configuration between DLLs
- Replies: 7
- Views: 14122
- Tue Jun 29, 2004 7:24 pm
- Forum: madCodeHook
- Topic: Share configuration between DLLs
- Replies: 7
- Views: 14122
Hey, I think I can stop giving advices here. nildo is doing it just fine... :D Just some comments: (1) Using madCodeHook.Create/OpenGlobalFileMapping is recommend, because those functions work over the boundaries of XP fast user switching sessions. (2) mutantc0der, first you ask how you can send con...
- Tue Jun 29, 2004 7:19 pm
- Forum: madExcept
- Topic: Register my own Exceptionhandler
- Replies: 5
- Views: 9636
- Tue Jun 29, 2004 5:54 pm
- Forum: madCodeHook
- Topic: Uninjected dll not completely released
- Replies: 24
- Views: 29591
But you will then be unable to uninject the dll, due to the built-in protection against uninjecting. Well, you can kind of work around it. Your dll can during initialization check whether you're running inside of ZoneAlarm. If you do, just let DllEntryPoint fail (in Delphi by setting ExitCode to so...
- Mon Jun 28, 2004 7:03 pm
- Forum: madCodeHook
- Topic: Hook when any file is closed
- Replies: 4
- Views: 7793
When hooking APIs like CreateFile + CloseHandle system wide you have to very careful with what you do. Performance might be a problem, if your hook callback functions do too much work. The hook itself should not be a problem, though. Please make sure that you follow all hooking rules (see madCodeHoo...
- Mon Jun 28, 2004 5:41 pm
- Forum: madCodeHook
- Topic: Process in and out..
- Replies: 5
- Views: 9907
- Sun Jun 27, 2004 9:38 am
- Forum: madCodeHook
- Topic: DLL and VBScript execution hooking
- Replies: 10
- Views: 11457
OK that's a good hint. But how do I find that a dll is NOT in use anymore? In that case it could be replaced (without tricks like renaming) by just overwriting! We would have to delete the entry from the cache as soon as the file is not in use anymore. Hmmm... Wouldn't ReadDirectoryChangesW also re...