(1) fixed some PAGE_EXECUTE_READWRITE security issues
(2) fixed: x64 jmp/call relocation miscalculation
(3) added hook to detect delay loaded dlls
(4) new process dll inject now always done in main thread
(5) dll injection loader lock improvement
(6) small performance improvements
(7) fixed rare crash when calling HookAPI
(8) (C++) fixed: some undocumented APIs had incorrect types
(9) (C++) fixed: ipc resource handling bug in case of failure
(a) (driver) fixed some PAGE_EXECUTE_READWRITE security issues
(b) (driver) worked around Microsoft EMET EAF complaint
(c) (driver) dll inject is now always done in main thread (win10)
(d) (driver) ntdll APIs are now located by parsing ntdll.dll file
(e) (driver) fixed conflict where alloc collided with kernel32.dll
(f) (driver) fixed: DriverVerifier made driver not load (win8 x64)
(g) (driver) fixed: some undocumented APIs had incorrect types
This update is free for all licensed madCodeHook 3 users.
http://madshi.net/madCollection.exe (installer 188.8.131.52)
This release is an important one because it contains a few fixes for
vulnerability issues, which could otherwise be misused by malware to
gain system level access rights.
Due to the high number of changes it is recommended that you do some
extended testing with your software before you release production
software based on this new madCodeHook build.