Forcing IAT patching?

[XanSama]

Hey, I'm wondering if it's possible (I'm under the impression it is) to use IAT patching with madCodeHook rather than the overwriting, and if so how i would go about doing that.

Thanks,
Xan

[Arksole Hoax]

Dosnt madCodeHook chose the compatiblest method of hooking ?
A Force flag might be work but woulndt it risk system instability?

[madshi]

madCodeHook doesn't do simple IAT hooking at all. Why would you want to do that?

[XanSama]

I'm rather willing to take that chance. currently madCodeHook is using code overwriting and it is "working" in so much as it sucessfully overwrites the code. Unfortunately the application I'm attempting to hook notices this and exits. And I know for a fact IAT patching works because I've done it manualy before and not had this problem.

edit: just saw your post, damnit.

hmm, any thing else I could do (with madCodeHook) to avoid this problem? or do i need to go back to doing it manualy?

[madshi]

You can try using the "MIXTURE_MODE" flag. This forces madCodeHook to use its second best API hooking method, which is a combination of IAT patching, EAT patching and code overwriting. Maybe that works for your specific case.

[XanSama]

alright thanks. now, and even n00ber question :/ what do i have to set the MIXTURE_MODE flag to to enable it?


edit: or how do i use it :/ because i think i have no idea.

edit2: got it, testing.

[madshi]

Check the documentation of "HookAPI".

[XanSama]

god damnit, sorry it seems to be my dll, and by my dll I mean any delphi compiled dll, that's making it exit. :/ I know this isnt exactly madCodeHook related, but any ideas?

[madshi]

Does it also happen with the precompiled madCodeHook demos?

[XanSama]

yeah, it was happening with everything i tried... turns out i just needed to reboot, the program had sent up some sort of red flag the first time i tried to hook and wasnt running any more (with or without dlls). Got it now anyway, and works with mixture hooking all is well. thanks.