delphi package - easy access to kernel objects etc.
- Posts: 4
- Joined: Wed Dec 10, 2008 9:45 am
Hi guys, please help me out. My question is: does madshi have any file system driver kind of thing for his hooking process?
If yes, what is the name of the driver?
- Site Admin
- Posts: 10338
- Joined: Sun Mar 21, 2004 5:25 pm
There is a little kernel mode driver (but not a file system driver) which is responsible for injecting hook dlls into newly created processes. Hooking itself doesn't need any help from drivers, only dll injection does. The name of the driver file in the current madCodeHook version is "mchInjDrv.sys". It is by default at runtime temporarily extracted to hard disk, then loaded, then deleted again.
In the upcoming madCodeHook 3.0 the driver will be stored and distributed as a separate file.