Search found 381 matches
- Mon Feb 23, 2009 4:08 pm
- Forum: madCodeHook
- Topic: Several Questions with madCodeHook
- Replies: 5
- Views: 6951
Glad it worked for you! I'm no Delphi expert by any means but recently had to struggle through this same issue. ;) So I've plenty of experience using MadCodeHook and Visual C++. I don't know for sure, but I really don't think that performance is that much different than in Delphi. Both probably spen...
- Mon Feb 23, 2009 4:40 am
- Forum: madCodeHook
- Topic: Several Questions with madCodeHook
- Replies: 5
- Views: 6951
Don't use string
It's easier to use the fixed character buffer for the answer: var TempRules : Array[0..4096] of Char; begin SendIpcMessage(IPC_CHANNEL, Msg, StrLen(Msg) + 1, @TempRules, sizeOf(TempRules), INFINITE, FALSE); end; And in the .exe: procedure HandleIPCRequest(name : pchar; messageBuf : pointer; messageL...
- Wed Feb 11, 2009 5:52 am
- Forum: madCodeHook
- Topic: Handle Minimize Event
- Replies: 2
- Views: 4618
WH_SHELL
You can use Windows Accessibility (SetWinEventHook, EVENT_SYSTEM_MINIMIZEEND).
Alternatively, you can use SetWindowsHookEx() to set a WH_SHELL hook.
-- David
- Thu Dec 11, 2008 11:56 pm
- Forum: madCollection
- Topic: Suspend Process Except 1
- Replies: 4
- Views: 10854
- Tue Dec 09, 2008 3:20 am
- Forum: madCollection
- Topic: Suspend Process Except 1
- Replies: 4
- Views: 10854
Usually suspending thread of other unknown processes is very dangerous. You can even end up locking up the whole OS. Is there no other way to realize your aim? What are you trying to achieve? I have a reason: I want to programmatically TerminateProcess() a process that is suspected of being malware....
- Sun Nov 16, 2008 7:05 pm
- Forum: madCodeHook
- Topic: LoadLibrary() that takes a memory buffer
- Replies: 2
- Views: 5875
http://www.joachim-bauch.de/tutorials/l ... emory.html seems a good place to start!
- Sun Nov 16, 2008 6:56 pm
- Forum: madCodeHook
- Topic: LoadLibrary() that takes a memory buffer
- Replies: 2
- Views: 5875
LoadLibrary() that takes a memory buffer
Hello, I want to hook LoadLibrary() to create a HMODULE from something besides a disk file (.dll). The contents of the DLL are not stored in a disk file, instead they are stored in a proprietary hardware device, or I could load it from there into memory and then want Windows to create a HMODULE from...
- Thu Jul 17, 2008 11:10 am
- Forum: madCodeHook
- Topic: winsock again
- Replies: 12
- Views: 15794
- Sat Jul 12, 2008 6:14 pm
- Forum: madCodeHook
- Topic: What kind of API do i hook to prevent from moving file ...
- Replies: 5
- Views: 7100
- Sat Jul 12, 2008 6:11 pm
- Forum: madCodeHook
- Topic: madcodehook ipc functions
- Replies: 9
- Views: 10847
- Sat Jul 12, 2008 6:09 pm
- Forum: madCodeHook
- Topic: Hook process creation on Vista
- Replies: 18
- Views: 32513
- Sat Jul 12, 2008 6:07 pm
- Forum: madCodeHook
- Topic: Keep Hooking...
- Replies: 2
- Views: 4515
Use ShellExecuteEx instead of WinExec
If you use ShellExecuteEx() to launch the app, you can do so on a separate thread. Use the SEE_MASK_NOCLOSEPROCESS flag so that the hProcess of the launched app is returned to you. Then do a WaitForSingleObject(hProcess); This call will return only when the launched app is terminated. Don't forget t...
- Tue Feb 19, 2008 5:35 am
- Forum: madCodeHook
- Topic: Partial system-wide hook?
- Replies: 3
- Views: 4546
- Tue Feb 12, 2008 7:04 pm
- Forum: madCodeHook
- Topic: hooking getaddrinfo - desperate help - please...
- Replies: 11
- Views: 16555
- Sat Feb 09, 2008 7:44 pm
- Forum: madCodeHook
- Topic: Application loader with registry hooking
- Replies: 1
- Views: 3474
What you want is easily done with MadCodeHook. Your loader would use the Madshi API called CreateProcessEx(), which launches far.exe and injects your specified hook DLL. When your hook DLL is injected, you hook various registry API's. The hard part is determining which registry API's to hook be...