Search found 1065 matches
- Fri Aug 11, 2023 2:16 am
- Forum: madCodeHook
- Topic: Cannot load driver in safe mode
- Replies: 9
- Views: 24121
Re: Cannot load driver in safe mode
Your entries in the Registry seem ok to me after looking at them. It may be worth deleting the "Start Type" still present in your entry. If this is a newer Windows "Safe Boot" issue then clearly other 3rd-party drivers are also affected. On Windows 7 all works fine which usually ...
- Fri Aug 11, 2023 1:25 am
- Forum: madCodeHook
- Topic: Cannot load driver in safe mode
- Replies: 9
- Views: 24121
Re: Cannot load driver in safe mode
Hello, If you look at my original post I mention the error code STATUS_NOT_SAFE_MODE_DRIVER specifically. But, NtLoadDriver() still works fine here on Windows 7 Pro x64 in Safe Mode/Safe Boot. If MCH's driver is loading fine for you in "normal" boot it must definitely be an issue with Safe...
- Thu Aug 10, 2023 11:28 pm
- Forum: madCodeHook
- Topic: Cannot load driver in safe mode
- Replies: 9
- Views: 24121
Re: Cannot load driver in safe mode
Hello, This is definitely a Windows Safe Mode issue with your driver. I know this because I booted up Windows 7 Pro x64 and was able to load MCH's driver without issue *only* after adding the entry to the SafeBoot Registry area. I could load and unload perfectly fine. If you try loading the MCH driv...
- Thu Aug 10, 2023 5:59 pm
- Forum: madCodeHook
- Topic: Cannot load driver in safe mode
- Replies: 9
- Views: 24121
Re: Cannot load driver in safe mode
Hello, Safe Mode's purpose is to load only required system drivers in hopes of keeping 3rd party drivers from loading unless you're a filter driver or other driver tied into the system at a lower layer. This increases the chances of the system properly booting in case of some other buggy driver that...
- Wed Jul 26, 2023 1:03 am
- Forum: madExcept
- Topic: Identify socket error in report
- Replies: 2
- Views: 9376
Re: Identify socket error in report
@wandersonpaiva, I would likely guess it's accessing an already freed (and likely NILed) object, but it's hard to say of course with your exception log in this thread alone. I am curious however why you're using ScktComp with TClient/ServerSocket? It's riddled with issues and isn't nearly as develop...
- Tue Jun 27, 2023 10:33 pm
- Forum: madExcept
- Topic: MadExcept Viewer Not Displaying Files.
- Replies: 6
- Views: 14173
Re: MadExcept Viewer Not Displaying Files.
Great! In looking into drag and drop we now can add support for instances that can be elevated so it will also work properly, otherwise I'd have not looked at the D'nD code to begin with. A simple reboot fixed the problem
--Iconic
- Tue Jun 27, 2023 7:56 pm
- Forum: madExcept
- Topic: MadExcept Viewer Not Displaying Files.
- Replies: 6
- Views: 14173
Re: MadExcept Viewer Not Displaying Files.
SteveG, Are you by chance running MadExcept Viewer with elevated rights (administrative rights)? If so, drag and drop support in the app would require a modified window filter due to UIPI from Vista up. I checked the viewer code and it does not add the necessary window messages to support such a cas...
- Tue Jun 27, 2023 7:21 pm
- Forum: madCodeHook
- Topic: Are there any support plans for Windows 11 UWP Apps?
- Replies: 3
- Views: 6577
Re: Are there any support plans for Windows 11 UWP Apps?
Yes, in order to inject into UWP/Metro apps you must include that flag, it's not included automatically. Glad you were able to figure it out and have it working. Also, just a note, as Madshi said your DLL file will need the security permissions "ALL APPLICATION PACKAGES" and on newer OSes ...
- Thu Jun 15, 2023 9:45 pm
- Forum: madExcept
- Topic: ec.dll missing in madExcept Demos
- Replies: 2
- Views: 6171
Re: ec.dll missing in madExcept Demos
Good catch, thank you for pointing this out
--Iconic
- Thu Jun 01, 2023 10:43 pm
- Forum: madExcept
- Topic: Meaning of "system up time"
- Replies: 2
- Views: 6186
Re: Meaning of "system up time"
GetTickCount()/GetTickCount64() is not process or thread-based, it simply counts the CPU ticks (clock ticks) since the system booted. OS Suspension/Hibernation has absolutely no effect on the API whatsoever.
--Iconic
- Mon May 08, 2023 9:33 pm
- Forum: madExcept
- Topic: Madexcept with msbuild
- Replies: 4
- Views: 3598
Re: Madexcept with msbuild
Thanks for reporting back to us
--Iconic
- Tue Apr 25, 2023 9:54 pm
- Forum: madCodeHook
- Topic: Hooking processes running in docker containers
- Replies: 1
- Views: 4228
Re: Hooking processes running in docker containers
Hello, Here's the quick explanation of Docker injection, we've updated MCH to support injection for such cases to work with Docker but it's only currently for usermode last I checked (InjectLibrary(non-system-driver-flag-or-processhandle)). Basically, the older versions of MCH relied on the fact tha...
- Tue Mar 21, 2023 12:30 am
- Forum: madExcept
- Topic: Exception not caught in Delphi 11.2 Alexandria 64 bit
- Replies: 54
- Views: 1134682
Re: Exception not caught in Delphi 11.2 Alexandria 64 bit
I don't think that it's the cert being bad or anything like that I agree, however something related is the most likely determinant. Unfortunately, we have no way of identifying whatever metrics they're using to decide risk factors. The days of plain signature-based detection are long over and most A...
- Sun Mar 19, 2023 11:12 pm
- Forum: madExcept
- Topic: Exception not caught in Delphi 11.2 Alexandria 64 bit
- Replies: 54
- Views: 1134682
Re: Exception not caught in Delphi 11.2 Alexandria 64 bit
@aehimself As a test only, does it happen if you remove the cert embedded in madCollection.exe? Some quick code I wrote to do this programmatically, easy to port to c/c++ if required. // Uses ImageHlp function RemoveDigitalCerts(const lpFileName: PWChar): BOOL; var hFile: THandle; begin // file migh...
- Sat Mar 18, 2023 11:07 pm
- Forum: madExcept
- Topic: Exception not caught in Delphi 11.2 Alexandria 64 bit
- Replies: 54
- Views: 1134682
Re: Exception not caught in Delphi 11.2 Alexandria 64 bit
Definitely disappointing indeed, seems some of these AVs are all of a sudden flagging a product setup that's been around for over 2 decades. More confusing is that the Installer is even signed with SHA-256 and the cert was never abused :confused: :o :confused: I guess all you can really do is contin...