I am trying to prevent my program from being closed. So, I hooks TerminateProcess etc.
DLL:
if myprogram then
dontkill
else
goahead
What is the best way to check "myprogram" is really my program?
File name?
Hash?? It can make system slower if the file size is big..
Any idea?
Search found 49 matches
- Thu Aug 26, 2010 3:09 pm
- Forum: fun talk
- Topic: Determine own file from being closed
- Replies: 1
- Views: 9605
- Fri Aug 20, 2010 10:04 am
- Forum: madCodeHook
- Topic: CreateIpcQueue on a thread?
- Replies: 5
- Views: 3946
Wait, my english is bad, I'm little a confused The point is even I call CreateIpcQueue in the main thread, the IPC queue callback function is *always* called in a *secondary* thread created by the IPC queue. So I don't have to create a new thread to call CreateIpcQueue. My purpose is to make sure ca...
- Fri Aug 20, 2010 4:18 am
- Forum: madCodeHook
- Topic: CreateIpcQueue on a thread?
- Replies: 5
- Views: 3946
- Mon Aug 16, 2010 5:54 am
- Forum: madCodeHook
- Topic: CreateIpcQueue on a thread?
- Replies: 5
- Views: 3946
CreateIpcQueue on a thread?
Can I call CreateIpcQueue (for callback function) in a thread (TThread)? Is there any risk? I want to avoid my gui from hang.
- Thu Jul 08, 2010 3:26 am
- Forum: madExcept
- Topic: best way to debug multithread app?
- Replies: 4
- Views: 4246
- Wed Jul 07, 2010 6:55 am
- Forum: madExcept
- Topic: best way to debug multithread app?
- Replies: 4
- Views: 4246
- Mon Jul 05, 2010 10:15 am
- Forum: madExcept
- Topic: best way to debug multithread app?
- Replies: 4
- Views: 4246
best way to debug multithread app?
Madshi, my multithread app have an error. The steps to produce error is unknown. The time to produce error is unpredictable. I use MadExcept to find the cause of error. The error is list index out of bounds. Right now MadExcept only show error in thread code. I can't find the bad listview. callstack...
- Thu Jun 24, 2010 7:21 am
- Forum: madExcept
- Topic: about installing madExcept to IDE
- Replies: 10
- Views: 18379
about installing madExcept to IDE
Madshi,
i've installed madCollection, I don't find madExcept in Project menu. madExcept menu only appear in D2010, in D2007 it not exists.
How do I install madExcept to IDE manually ?
i've installed madCollection, I don't find madExcept in Project menu. madExcept menu only appear in D2010, in D2007 it not exists.
How do I install madExcept to IDE manually ?
- Sat Jun 12, 2010 4:19 am
- Forum: madCodeHook
- Topic: Hook text file contain space
- Replies: 2
- Views: 3057
- Thu Jun 10, 2010 3:14 am
- Forum: madCodeHook
- Topic: Hook text file contain space
- Replies: 2
- Views: 3057
Hook text file contain space
My program can hook text file which opened in Notepad. The way is by hooking the first parameter of created process. The problem is my program can not hook text file contain space.
c:\file.txt << hooked succesfully
c:\new file.txt << failed
Any suggestion?
c:\file.txt << hooked succesfully
c:\new file.txt << failed
Any suggestion?
- Mon Feb 22, 2010 2:35 am
- Forum: fun talk
- Topic: SPBAT v1.0 PoC
- Replies: 2
- Views: 12823
- Mon Feb 22, 2010 2:31 am
- Forum: madCodeHook
- Topic: list of folder?
- Replies: 3
- Views: 3702
I think that many applications are using FindFirst/Next internally and probably also rather often, so I'm not sure if it's a good idea to base your malware monitoring on that Thanks for the advices. I think it would be better to try to detect situations where the *user* really opens a folder. Right...
- Wed Feb 17, 2010 8:02 am
- Forum: madCodeHook
- Topic: list of folder?
- Replies: 3
- Views: 3702
list of folder?
Hi I want to make simple malware monitoring, I want if user open folder then my program will check all files in current folder. I guess I have to hook FindFirst/FindNext or NTQueryDirectoryFile. Can you give me some clues/steps to do this with mch?
thx.
thx.
- Tue Feb 16, 2010 12:34 pm
- Forum: fun talk
- Topic: exe compressor?
- Replies: 4
- Views: 14353
- Tue Feb 16, 2010 3:51 am
- Forum: fun talk
- Topic: exe compressor?
- Replies: 4
- Views: 14353
exe compressor?
I use UPX to my program (using madshi injection) and it give me error to os when running the program.
Is there any exe compressor to handle this problem? The point is I want to make my exe smaller.
Thx.
Is there any exe compressor to handle this problem? The point is I want to make my exe smaller.
Thx.