
by iconic
Fri Aug 11, 2023 2:16 am
Forum: madCodeHook
Topic: Cannot load driver in safe mode
Replies: 9
Views: 24110

Re: Cannot load driver in safe mode

Your entries in the Registry seem ok to me after looking at them. It may be worth deleting the "Start Type" still present in your entry. If this is a newer Windows "Safe Boot" issue then clearly other 3rd-party drivers are also affected. On Windows 7 all works fine which usually ...
by iconic
Fri Aug 11, 2023 1:25 am
Forum: madCodeHook
Topic: Cannot load driver in safe mode
Replies: 9
Views: 24110

Re: Cannot load driver in safe mode

Hello, If you look at my original post I mention the error code STATUS_NOT_SAFE_MODE_DRIVER specifically. But, NtLoadDriver() still works fine here on Windows 7 Pro x64 in Safe Mode/Safe Boot. If MCH's driver is loading fine for you in "normal" boot it must definitely be an issue with Safe...
by iconic
Thu Aug 10, 2023 11:28 pm
Forum: madCodeHook
Topic: Cannot load driver in safe mode
Replies: 9
Views: 24110

Re: Cannot load driver in safe mode

Hello, This is definitely a Windows Safe Mode issue with your driver. I know this because I booted up Windows 7 Pro x64 and was able to load MCH's driver without issue *only* after adding the entry to the SafeBoot Registry area. I could load and unload perfectly fine. If you try loading the MCH driv...
by iconic
Thu Aug 10, 2023 5:59 pm
Forum: madCodeHook
Topic: Cannot load driver in safe mode
Replies: 9
Views: 24110

Re: Cannot load driver in safe mode

Hello, Safe Mode's purpose is to load only required system drivers in hopes of keeping 3rd party drivers from loading unless you're a filter driver or other driver tied into the system at a lower layer. This increases the chances of the system properly booting in case of some other buggy driver that...
by iconic
Wed Jul 26, 2023 1:03 am
Forum: madExcept
Topic: Identify socket error in report
Replies: 2
Views: 9371

Re: Identify socket error in report

@wandersonpaiva, I would likely guess it's accessing an already freed (and likely NILed) object, but it's hard to say of course with your exception log in this thread alone. I am curious however why you're using ScktComp with TClient/ServerSocket? It's riddled with issues and isn't nearly as develop...
by iconic
Tue Jun 27, 2023 10:33 pm
Forum: madExcept
Topic: MadExcept Viewer Not Displaying Files.
Replies: 6
Views: 14165

Re: MadExcept Viewer Not Displaying Files.

"A simple reboot fixed the problem"
Great! :D In looking into drag and drop we now can add support for instances that can be elevated so it will also work properly, otherwise I'd have not looked at the D'nD code to begin with.

--Iconic
by iconic
Tue Jun 27, 2023 7:56 pm
Forum: madExcept
Topic: MadExcept Viewer Not Displaying Files.
Replies: 6
Views: 14165

Re: MadExcept Viewer Not Displaying Files.

SteveG, Are you by chance running MadExcept Viewer with elevated rights (administrative rights)? If so, drag and drop support in the app would require a modified window filter due to UIPI from Vista up. I checked the viewer code and it does not add the necessary window messages to support such a cas...
by iconic
Tue Jun 27, 2023 7:21 pm
Forum: madCodeHook
Topic: Are there any support plans for Windows 11 UWP Apps?
Replies: 3
Views: 6559

Re: Are there any support plans for Windows 11 UWP Apps?

Yes, in order to inject into UWP/Metro apps you must include that flag, it's not included automatically. Glad you were able to figure it out and have it working. Also, just a note, as Madshi said your DLL file will need the security permissions "ALL APPLICATION PACKAGES" and on newer OSes ...
by iconic
Thu Jun 15, 2023 9:45 pm
Forum: madExcept
Topic: ec.dll missing in madExcept Demos
Replies: 2
Views: 6163

Re: ec.dll missing in madExcept Demos

Good catch, thank you for pointing this out :D

--Iconic
by iconic
Thu Jun 01, 2023 10:43 pm
Forum: madExcept
Topic: Meaning of "system up time"
Replies: 2
Views: 6176

Re: Meaning of "system up time"

GetTickCount()/GetTickCount64() is not process or thread-based, it simply counts the CPU ticks (clock ticks) since the system booted. OS Suspension/Hibernation has absolutely no effect on the API whatsoever.

--Iconic
by iconic
Mon May 08, 2023 9:33 pm
Forum: madExcept
Topic: Madexcept with msbuild
Replies: 4
Views: 3580

Re: Madexcept with msbuild

Thanks for reporting back to us :D

--Iconic
by iconic
Tue Apr 25, 2023 9:54 pm
Forum: madCodeHook
Topic: Hooking processes running in docker containers
Replies: 1
Views: 4216

Re: Hooking processes running in docker containers

Hello, Here's the quick explanation of Docker injection, we've updated MCH to support injection for such cases to work with Docker but it's only currently for usermode last I checked (InjectLibrary(non-system-driver-flag-or-processhandle)). Basically, the older versions of MCH relied on the fact tha...
by iconic
Tue Mar 21, 2023 12:30 am
Forum: madExcept
Topic: Exception not caught in Delphi 11.2 Alexandria 64 bit
Replies: 54
Views: 1134385

Re: Exception not caught in Delphi 11.2 Alexandria 64 bit

I don't think that it's the cert being bad or anything like that, I agree; however, something related is the most likely determinant. Unfortunately, we have no way of identifying whatever metrics they're using to decide risk factors. The days of plain signature-based detection are long over and most A...
by iconic
Sun Mar 19, 2023 11:12 pm
Forum: madExcept
Topic: Exception not caught in Delphi 11.2 Alexandria 64 bit
Replies: 54
Views: 1134385

Re: Exception not caught in Delphi 11.2 Alexandria 64 bit

@aehimself As a test only, does it happen if you remove the cert embedded in madCollection.exe? Some quick code I wrote to do this programmatically, easy to port to c/c++ if required.

// Uses ImageHlp
function RemoveDigitalCerts(const lpFileName: PWChar): BOOL;
var
  hFile: THandle;
begin
  // file migh...
by iconic
Sat Mar 18, 2023 11:07 pm
Forum: madExcept
Topic: Exception not caught in Delphi 11.2 Alexandria 64 bit
Replies: 54
Views: 1134385

Re: Exception not caught in Delphi 11.2 Alexandria 64 bit

Definitely disappointing indeed, seems some of these AVs are all of a sudden flagging a product setup that's been around for over 2 decades. More confusing is that the Installer is even signed with SHA-256 and the cert was never abused :confused: :o :confused: I guess all you can really do is contin...