Search found 381 matches

by dcsoft
Mon Feb 23, 2009 4:08 pm
Forum: madCodeHook
Topic: Several Questions with madCodeHook
Replies: 5
Views: 6951

Glad it worked for you! I'm no Delphi expert by any means but recently had to struggle through this same issue. ;) So I've plenty of experience using MadCodeHook and Visual C++. I don't know for sure, but I really don't think that performance is that much different than in Delphi. Both probably spen...
by dcsoft
Mon Feb 23, 2009 4:40 am
Forum: madCodeHook
Topic: Several Questions with madCodeHook
Replies: 5
Views: 6951

Don't use string

It's easier to use the fixed character buffer for the answer:

var TempRules : Array[0..4096] of Char;
begin
  SendIpcMessage(IPC_CHANNEL, Msg, StrLen(Msg) + 1, @TempRules, sizeOf(TempRules), INFINITE, FALSE);
end;

And in the .exe:

procedure HandleIPCRequest(name : pchar; messageBuf : pointer; messageL...
by dcsoft
Wed Feb 11, 2009 5:52 am
Forum: madCodeHook
Topic: Handle Minimize Event
Replies: 2
Views: 4618

WH_SHELL

You can use Windows Accessibility (SetWinEventHook, EVENT_SYSTEM_MINIMIZEEND).

Alternatively, you can use SetWindowsHookEx() to set a WH_SHELL hook.

-- David
by dcsoft
Thu Dec 11, 2008 11:56 pm
Forum: madCollection
Topic: Suspend Process Except 1
Replies: 4
Views: 10854

Thanks Madshi.
by dcsoft
Tue Dec 09, 2008 3:20 am
Forum: madCollection
Topic: Suspend Process Except 1
Replies: 4
Views: 10854

Usually suspending thread of other unknown processes is very dangerous. You can even end up locking up the whole OS. Is there no other way to realize your aim? What are you trying to achieve? I have a reason: I want to programmatically TerminateProcess() a process that is suspected of being malware....
by dcsoft
Sun Nov 16, 2008 7:05 pm
Forum: madCodeHook
Topic: LoadLibrary() that takes a memory buffer
Replies: 2
Views: 5875

by dcsoft
Sun Nov 16, 2008 6:56 pm
Forum: madCodeHook
Topic: LoadLibrary() that takes a memory buffer
Replies: 2
Views: 5875

LoadLibrary() that takes a memory buffer

Hello, I want to hook LoadLibrary() to create a HMODULE from something besides a disk file (.dll). The contents of the DLL are not stored in a disk file, instead they are stored in a proprietary hardware device, or I could load it from there into memory and then want Windows to create a HMODULE from...
by dcsoft
Thu Jul 17, 2008 11:10 am
Forum: madCodeHook
Topic: winsock again
Replies: 12
Views: 15794

You need to hook gethostbyname(), and getaddrinfo(), and send().

Did you hook the first 2 yet? Sorry, I can't give you example code.

Thanks,
David
by dcsoft
Sat Jul 12, 2008 6:14 pm
Forum: madCodeHook
Topic: What kind of API do i hook to prevent from moving file ...
Replies: 5
Views: 7100

SHFileOperation() is used to recycle a file. I'm not sure there are any more APIs that also do, so hooking an Nt() function as suggested may be more reliable.

-- David
by dcsoft
Sat Jul 12, 2008 6:11 pm
Forum: madCodeHook
Topic: madcodehook ipc functions
Replies: 9
Views: 10847

One of the disadvantages of MadCodeHook's IPC is the performance. Madshi was supposedly working on a speed up implementation. How is that going?

Thanks,
David
by dcsoft
Sat Jul 12, 2008 6:09 pm
Forum: madCodeHook
Topic: Hook process creation on Vista
Replies: 18
Views: 32513

Does Vista64 block hooking the NTDLL e.g. NtCreateProcess()? If allowed, I would think this would be the most reliable, since all? process creation calls go through this one?

Thanks,
David
by dcsoft
Sat Jul 12, 2008 6:07 pm
Forum: madCodeHook
Topic: Keep Hooking...
Replies: 2
Views: 4515

Use ShellExecuteEx instead of WinExec

If you use ShellExecuteEx() to launch the app, you can do so on a separate thread. Use the SEE_MASK_NOCLOSEPROCESS flag so that the hProcess of the launched app is returned to you. Then do a WaitForSingleObject(hProcess); This call will return only when the launched app is terminated. Don't forget t...
by dcsoft
Tue Feb 19, 2008 5:35 am
Forum: madCodeHook
Topic: Partial system-wide hook?
Replies: 3
Views: 4546

You can hook CreateProcess in your program, and in the hook for that, call CreateProcessEx() (a Madshi API that injects your DLL into the newly created process).

-- David
by dcsoft
Tue Feb 12, 2008 7:04 pm
Forum: madCodeHook
Topic: hooking getaddrinfo - desperate help - please...
Replies: 11
Views: 16555

BTW, what does Windows Update have to do with it? If you statically link your DLL, you should be unaffected by Windows Update changes.

-- David
by dcsoft
Sat Feb 09, 2008 7:44 pm
Forum: madCodeHook
Topic: Application loader with registry hooking
Replies: 1
Views: 3474

What you want is easily done with MadCodeHook. Your loader would use the Madshi API called CreateProcessEx(), which launches far.exe and injects your specified hook DLL. When your hook DLL is injected, you hook various registry APIs. The hard part is determining which registry APIs to hook be...