ANN: madCollection 2.8.5.0

contains all delphi packages mentioned below
Post Reply
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

ANN: madCollection 2.8.5.0

Post by madshi »

Today madCodeHook v4 introducess a relatively "big" new feature: You can now
register a user mode callback, which the driver will call for all newly
created processes which match your injection criteria. Your user mode
callback then has the option to approve or reject DLL injection for each
newly created process. Please note that this kind of callback from a driver
to user land, which delays the start of new processes, is not recommended by
Microsoft. So use this new feature at your own risk! It seems to work pretty
well, though. If you do use this feature, please make sure your callback
executes as quickly as possible, to avoid any unnecessary delays for newly
started processes.

Furthermore, both the new madCodeHook v3 and v4 build now disable the
"parallel DLL loading" feature of the Windows 10 OS loader, for any
processes we inject our hook DLL into. "Parallel loading" basically tries to
initialize newly created processes in a multi-threaded way. This OS loader
feature can make problems if DLL injection and API hooking is used.
Consequently the OS already disables it itself in certain situations. Now
madCodeHook does that automatically, which should help Windows 10 stability.

Please note that madCodeHook 3.0.18 is probably going to be the last v3
build! I will concentrate on madCodeHook v4 development and support now.
Which means if you haven't upgraded to v4 yet, now might be a good time.
To make your decision a bit easier, I'm reducing upgrade pricing from 60%
(of the price of a new license) down to 50% for the next 2 weeks. This price
includes one full year of subscription. After that year has passed, you can
optionally renew the subscription for a yearly payment of 30% of the price
of a new license. If you'd like to upgrade from v3 to v4, please contact me
via email, thank you!

Now here comes the usual detailed list of changes:

madCodeHook 4.0.5 comes with the following changes:

(1) added support for driver DLL inject approval callback
(2) added "callback" parameters to InjectLibraryA/W
(3) avoid crash when uninstalling API hooks in Edge
(4) improved LoadLibrary hook thread safety
(5) avoid deadlock while checking for new/removed DLLs
(6) improved ProcessIdToFileName for wow64 processes
(7) added DISABLE_LDR_LOAD_DLL_SPECIAL_HOOK option
(8) added DISABLE_PARALLEL_DLL_LOADING option
(9) (driver) added support for driver DLL inject approval callback
(a) (driver) disable injection for "dynamic code" policy processes
(b) (driver) added support for disabling parallel DLL loading
(c) (driver) fixed: permanent 64bit injection failed in newer OSs
(d) (driver) fixed: collision between multiple madCodeHook drivers
(e) (driver) injection is now only performed in main thread

madExcept 4.0.20 comes with the following changes:

(1) some small leak reporting bugfixes
(2) improved SW_HIDE compatability
(3) optimized madExceptViewer tool default window size
(4) madIWSupport: added support for official IW exception callback

madCodeHook 3.1.18 comes with the following changes:

(1) avoid crash when uninstalling API hooks in Edge
(2) improved LoadLibrary hook thread safety
(3) avoid deadlock while checking for new/removed DLLs
(4) (driver) disable injection for "dynamic code" policy processes
(5) (driver) added support for disabling parallel DLL loading
(6) (driver) fixed: collision between multiple madCodeHook drivers
(7) (driver) injection is now only performed in main thread

http://madshi.net/madCollection.exe (installer 2.8.5.0)
Post Reply