I don’t know.
Error code 0x800703e6 is HRESULT_FROM_WIN32(ERROR_NOACCESS) ("Invalid access to memory location.")
http://support.microsoft.com/kb/914232/en-us
Search found 46 matches
- Wed Dec 17, 2008 9:20 am
- Forum: madCollection
- Topic: Windows Product Activation Error Message at logon!
- Replies: 6
- Views: 12480
- Wed Dec 17, 2008 7:49 am
- Forum: madCollection
- Topic: Windows Product Activation Error Message at logon!
- Replies: 6
- Views: 12480
Make sure you don’t hook/patch the Software Licensing Service.
http://www.microsoft.com/whdc/system/vi ... guide.mspx
http://www.microsoft.com/whdc/system/vi ... guide.mspx
- Tue Dec 02, 2008 4:23 pm
- Forum: madCodeHook
- Topic: Command Line assistance
- Replies: 6
- Views: 9856
since the CreateRemoteThread method works and has been tested on XP [...] As you already know, CreateRemoteThread is a bad idea for several reasons: Windows XP Professional for x64, different sessions due to Fast User Switching (FUS) or Windows Terminal Server (TS). You can/should use WMI on Window...
- Tue Dec 02, 2008 4:12 pm
- Forum: madCodeHook
- Topic: Command Line assistance
- Replies: 6
- Views: 9856
- Tue Dec 02, 2008 2:53 pm
- Forum: madCodeHook
- Topic: Command Line assistance
- Replies: 6
- Views: 9856
I guess that Vista’s TaskManager just uses NtQueryInformationProcess(ProcessBasicInformation) to retrieve the PebBaseAddress and ReadProcessMemory() to query PEB.ProcessParameters.CommandLine. For WOW64 one would have to do some basic groundwork to get this information for native processes. msdn.mic...
- Fri Nov 28, 2008 3:13 pm
- Forum: madRemote
- Topic: File copy in RemoteExecute
- Replies: 4
- Views: 18150
FileRead/FileWrite are RTL functions (in your process). You should only use API functions (ReadFile/WriteFile).
The function which you want to have executed in the other process needs to follow some rules. Please read the documentation of CopyFunction to learn more about those rules.
- Mon Nov 17, 2008 5:18 pm
- Forum: madKernel
- Topic: mutex owner
- Replies: 10
- Views: 32090
Maybe this code snippet contains what you want: {$ALIGN ON} {$MINENUMSIZE 4} type TNtStatus = LongInt; TClientId = record UniqueProcess: Pointer; UniqueThread : Pointer; end; TMutantInformationClass = ( MutantBasicInformation, // 0 MutantOwnerInformation // 1 ); TMutantBasicInformation = record Curr...
- Mon Nov 17, 2008 2:16 pm
- Forum: madDisAsm
- Topic: List all functions from an executable
- Replies: 6
- Views: 74817
Well, for ParseFunction one needs the entry point of the function (your task). This implies, that it is intended to analyze one function - not the whole program control flow (a job for IDA). The analyzed function could be followed by anything (e.g. hundreds and thousands of data bytes). topic: Back ...
- Mon Nov 17, 2008 10:40 am
- Forum: madDisAsm
- Topic: List all functions from an executable
- Replies: 6
- Views: 74817
- Mon Nov 03, 2008 7:51 am
- Forum: madKernel
- Topic: [native] RtlWow64CallFunction64
- Replies: 18
- Views: 56464
Have you found a way to list the handles of a process in a 32bit process on a 64bit OS? NtQuerySystemInformation fails listing the handles when run in a 32bit process, unfortunately... :( In the meantime I had some spare time to investigate it further... There is a quite simple (of course undocumen...
- Tue Oct 28, 2008 9:29 am
- Forum: madCodeHook
- Topic: can't seem to hook NtCreateProcess
- Replies: 10
- Views: 8590
- Mon Oct 27, 2008 7:40 am
- Forum: madCodeHook
- Topic: can't seem to hook NtCreateProcess
- Replies: 10
- Views: 8590
- Fri Oct 24, 2008 9:24 pm
- Forum: madCodeHook
- Topic: ANother problem.
- Replies: 5
- Views: 4052
Rule of thumb: Do not trust any parameters. Before using Input as a PChar, make sure it *is* a pointer to a null-terminated character string. If you cannot verify this (can be hard or expensive), wrap the usage into try-except (but do not ignore unknown exceptions - this leads to other problems). My...
- Fri Oct 24, 2008 7:26 pm
- Forum: madCodeHook
- Topic: ANother problem.
- Replies: 5
- Views: 4052
You have to validate parameters before using them.
This function will raise an access violation in System.@LStrFromPChar if it is used like this:
Code: Select all
procedure Foo(AValue: PAnsiChar);
var
Bar: AnsiString;
begin
Bar := AValue;
end;
Code: Select all
Foo(MakeIntResourceA(42));
- Wed Oct 08, 2008 3:52 pm
- Forum: madCodeHook
- Topic: Hooking FindResourceExA problem
- Replies: 2
- Views: 3109
lpName can be a string pointer or a resource identifier (see MakeIntResource).
Code: Select all
function IsIntResource(AName: Pointer): Boolean; inline;
begin
Result := (Cardinal(AName) shr 16) = 0;
end;