shared memory (IPC)

yabbadabbadu
Posts: 2
Joined: Sat Mar 31, 2007 11:56 pm

Post by yabbadabbadu »

Hello,

First, I want to say that you’ve done a very good job, Madshi. You have created a very good and easy-to-use package.

But now to my problem:
I’m writing a tool which should automatically analyse malware, and I’ve got to a point where I have to hook the WriteFile function. I want to transfer the filename to the main application, but I can’t use your SendIPCMessage function, because this ends up in endless recursion.
I’ve also tried your MadCollectionBeta, which I’ve found in several other threads, but it didn’t solve the recursion problem.
Then I found a suggestion which proposes using a thread variable to distinguish between the original WriteFile request and the SendIPCMessage request… but this also didn’t work.
And then I read about “shared memory”, and I think that is exactly the solution I prefer. The only problem is that I don’t know when the main application has to read from the memory. All the examples I’ve found use SendMessage to trigger the read… but this doesn’t work with services, apparently. I’ve read the following example, but there is a lot of other stuff around it, which is confusing me (e.g. the DLLEventHandle… do I really need it?):

viewtopic.php?t=1061&highlight=shared+memory

Is “WaitForSingleObject(ServerEventHandle, INFINITE);” the crucial line? I really don’t know how to trigger the read-operation of the main application. It would be very nice, if someone can give me a little advice or can show me a few lines of example code.

Sorry for my English… I hope you understood my concern.

Best regards and thank you in advance
Markus
yabbadabbadu
Posts: 2
Joined: Sat Mar 31, 2007 11:56 pm

Post by yabbadabbadu »

Sorry... I've posted in the wrong category. It should appear in the "madCodeHook"-section.

best wishes
Markus
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

The latest madCodeHook version should "solve" the endless recursion; however, it's only available for commercial customers. Also, the endless recursion is not really solved, but only detected and then worked around. The workaround should work, but it does cost a bit of performance, because the detection works only after a certain amount of recursion has occurred first.

Shared memory would be an alternative solution, but please note that this may cause problems in Vista. The only reliable solution for IPC which I found to work well in Vista is using internal OS functions for IPC. The latest madCodeHook version does that in Vista.
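
The pattern discussed in this thread, as an added example that is not part of any post above and is not madCodeHook code: a one-slot shared-memory buffer guarded by two auto-reset events, where the main application blocks in WaitForSingleObject instead of being triggered by SendMessage. The object names, the TSlot layout, the helper names and the 50 ms timeout are assumptions made for the example; the `Local\` names and default security attributes assume both processes run in the same session under the same account.

```delphi
program ShmNotifyDemo;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

const // hypothetical object names chosen for this example
  MapName   = 'Local\DemoHookFileNames';
  ReadyName = 'Local\DemoHookDataReady';
  FreeName  = 'Local\DemoHookSlotFree';
type
  TSlot = record
    FileName: array[0..MAX_PATH - 1] of WideChar;
  end;
var
  hMap, hReady, hFree: THandle;
  Slot: ^TSlot;
  S: WideString;

// Called once by both sides; whoever runs second opens the existing objects.
procedure OpenChannel;
begin
  hMap := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE,
    0, SizeOf(TSlot), MapName);
  if hMap = 0 then RaiseLastOSError;
  Slot := MapViewOfFile(hMap, FILE_MAP_ALL_ACCESS, 0, 0, SizeOf(TSlot));
  if Slot = nil then RaiseLastOSError;
  hReady := CreateEvent(nil, False, False, ReadyName); // "data waiting"
  hFree  := CreateEvent(nil, False, True, FreeName);   // "slot empty", starts set
  if (hReady = 0) or (hFree = 0) then RaiseLastOSError;
end;

// Producer side: what the WriteFile hook callback would call.
function PublishFileName(const Name: WideString): Boolean;
begin
  // Bounded wait: a stalled consumer must never hang the hooked process.
  // hFree is auto-reset, so it also serialises concurrent producer threads.
  Result := WaitForSingleObject(hFree, 50) = WAIT_OBJECT_0;
  if not Result then Exit; // slot busy: this notification is dropped
  lstrcpynW(@Slot^.FileName[0], PWideChar(Name), MAX_PATH); // truncating copy
  SetEvent(hReady);
end;

// Consumer side: the main application or service blocks here.
function WaitForFileName(TimeoutMs: DWORD; out Name: WideString): Boolean;
begin
  Result := WaitForSingleObject(hReady, TimeoutMs) = WAIT_OBJECT_0;
  if not Result then Exit;
  Name := PWideChar(@Slot^.FileName[0]);
  SetEvent(hFree); // hand the slot back to the next producer
end;

begin
  OpenChannel;
  PublishFileName('C:\sample\dropped.bin'); // constructed sample path
  while WaitForFileName(1000, S) do // a real consumer would pass INFINITE
    Writeln('WriteFile target: ', S);
end.
```

The producer path touches only the mapped view and the two event handles, so it does not go back through SendIPCMessage. With a single slot, notifications are dropped whenever the consumer falls more than 50 ms behind.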