Search found 24 matches
- Tue Feb 08, 2005 4:05 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
OK, I've stripped out all the MadKernel Code and I'm back to errors/AVs again whenever I try calling: GetModuleFileName(callmod, ...) and GetModuleFileName(0, ...). I use a logfile and whenever I call GetModuleFileName(...) the log is showing many repeated lines of calls to the Callback function. I ...
- Tue Feb 08, 2005 3:55 pm
- Forum: madCollection
- Topic: XP DLL Inject with version 2.1.60
- Replies: 3
- Views: 7561
- Mon Feb 07, 2005 12:31 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
Yeah, I agree, I thought there would be an easier way than using all that extra overhead code. I didn't know calling GetModuleFileName(0, ...) would return the calling exe name... I just realised now that the dll is part of the process being called. I'm now getting the idea of all this inject stuff...
- Sun Feb 06, 2005 3:31 pm
- Forum: madCollection
- Topic: XP DLL Inject with version 2.1.60
- Replies: 3
- Views: 7561
XP DLL Inject with version 2.1.60
Hi Madshi, I've updated to MadCollection v2.1.60 from v2.1.20 and whenever I use InjectLibrary to inject a DLL into ALL_SESSIONS (see code below), the PC just turns off in an instant and reboots. My Inject/Uninject code is called from a system service: InjectLibrary((ALL_SESSIONS Or SYSTEM_PROCESSES...
- Sun Feb 06, 2005 3:28 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
Sorted
Hi, I've sorted the problem out now. I am using the IModule/IProcess interfaces to obtain the OwnerProcess.ID of the Calling Module; this tells me which process launched the hook. Is this code OK to use?: function SetWindowsHookExACallback(HookId: Integer; lpHookProc: TFNHookProc; hMod: Hinst; dwT...
- Tue Feb 01, 2005 4:55 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
- Tue Feb 01, 2005 4:41 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
MSCTF.DLL can't be reported as a process, since it's a DLL only. Who does the reporting? If you hook SetWindowsHookEx, you can use GetCallingModule to ask which module called SetWindowsHookEx. Also you can use GetCurrentProcessId to find out which process called it. Within the CallBack function for...
- Tue Feb 01, 2005 4:21 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
I found some info on ctfmon.exe, direct from MS site: Ctfmon.exe is the file that is responsible for controlling the Alternative User Input technologies. It starts the Language Bar component (in the Systray) and remains running in the background even after you quit an Office XP program. It also star...
- Tue Feb 01, 2005 1:09 pm
- Forum: madCodeHook
- Topic: SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
- Replies: 12
- Views: 16760
SetWindowsHookEx and MSCTF.DLL (ctfmon.exe)
Hi, I've managed to download and compile the source code to AntiKeyLogger http://psmantikeyloger.sourceforge.net/ I have run the program without errors and it pops up whenever a keyboard hook is detected, so far so good. However, when using the MadCodeHook injection on SetWindowsHookEx, if ctfmon.e...