Crash between madcodehook ver 3.x and 4.x

c++ / delphi package - dll injection and api hooking

Postby marcusssong » Wed Sep 27, 2017 8:34 am

Hello,

We think there might be a problem between v3.x and v4.x.

We are using madcodehook v4.0.3.

After loading the driver and injecting the dll with our solution, dll injection does not work on the other solution. (The other solution is using the v3.1.15 or v3.1.16 driver.)

We tested the problem and the results are as the following:

1. Remover function in the dll (only leaves the dll main). This has no relation to the dll function.

2. If the user runs our solution as administrator, the other solution works without a problem. (our solution originally runs as a service)

3. If our solution loads the driver and injects the dll a few minutes after starting the service, the other solution works properly.

Result: Loading the driver and injecting the dll immediately after starting service affects the other solution making it unable to inject the dll.

We would like to know if there is a problem between v3.x and v4.x.

Thank you for your help.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby madshi » Wed Sep 27, 2017 8:49 am

> 1. Remover function in the dll (only leaves the dll main).
> This has no relation to the dll function.

These 2 sentences are a complete mystery to me. What does this mean?

I'm not aware of any incompatibility between v3.1.16 and v4.0.3. But of course it's possible that there's some kind of issue I'm not aware of. I suppose "the other solution" is a 3rd party software that is not yours, so you don't have access to their source code?

Can you reproduce any problems if you replace "the other solution" with the PrintMonitor demo?

http://madshi.net/PrintMonitor.zip (compiled with v4)
http://madshi.net/PrintMonitor30.zip (compiled with v3)
madshi
Site Admin
 
Posts: 9442
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Wed Sep 27, 2017 11:06 am

Yes, the other solution is another company's software, so I cannot access the source code :cry:

Meaning of the 2 sentences:

After booting, our service loads the driver and injects the dll immediately.
Our program runs as a service, then dll injection does not work on the other solution.

I tried changing our solution to run as an application, not a service.
After changing the solution, the user has to execute our solution as administrator, not with service rights.
Then the other solution works well.

Using PrintMonitor, I cannot reproduce the problems, because it's not a service.

Is there another test method or more information that you want?

thx.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby madshi » Wed Sep 27, 2017 11:39 am

The other solution, does it also perform injection with a service? And also automatically and immediately after a reboot?
madshi
Site Admin
 
Posts: 9442
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Fri Sep 29, 2017 5:34 am

We asked the other solution, but they said they cannot answer because of security...

But I think the other solution runs as a service, so maybe it injects immediately after reboot.

thx.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Fri Sep 29, 2017 7:03 am

Could you please check the problem with a remote control program like TeamViewer?

If you can, I will send you the TeamViewer ID and PW.

Thank you for your support.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby madshi » Wed Oct 04, 2017 10:17 am

It's really hard to debug something like this remotely, especially when we don't even know any specifics about "the other solution". For example, it could be possible that the other solution is not using a stock madCodeHook version, but maybe they've customized the code somehow, accidentally breaking compatibility. Or maybe they're using a rather old version?

Would it maybe be possible to get a VM with which I could reproduce the problem on my own PC? So the VM would have "the other solution" installed, and in addition to that I'd need a simple test project (could be almost empty) which I could recompile with madCodeHook to reproduce the problem you're describing? I know, that seems like asking a lot, but I'm not sure it will be possible to find the problem efficiently otherwise.
madshi
Site Admin
 
Posts: 9442
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Wed Oct 11, 2017 12:41 am

I requested the VM from the other solution, but they haven't replied yet.

After the VM is ready, I will contact you again.

Thx for your support.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Sat Oct 21, 2017 7:01 am

We got the VM that has the other solution installed.

How can I send you the VM (.vdi) file?

I need to send you two VM files; one is the server and one is the agent.

Thx for your support.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby madshi » Sat Oct 21, 2017 8:15 am

vdi? What format is that? Doesn't seem to be VMware?

You can make it available for download somehow and send me the download link privately to madshi (at) gmail (dot) com. Would that be possible?
madshi
Site Admin
 
Posts: 9442
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Sun Oct 22, 2017 2:13 pm

This format is VirtualBox.

I will send it to you soon using Google email.

After I have sent it, I will post a reply again.

Thx.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Postby marcusssong » Tue Oct 24, 2017 5:49 am

I sent the email to madshi@gmail.com.

Please check the email.

Thank you.
marcusssong
 
Posts: 16
Joined: Wed Apr 26, 2017 1:14 pm
