Crash between madcodehook v2.2 and 4.x

c++ / delphi package - dll injection and api hooking
Post Reply
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Crash between madcodehook v2.2 and 4.x

Post by marcusssong »

Hello,

I posted a problem about "Crash between madcodehook v3.x and 4.x" before. (viewtopic.php?f=7&t=28450)

However, the solution conflicting with ours is using v2.2 instead of v3.x.

According to the company, if madcodehook v2.x is used with another version(v3.1.16 or v4.x), v2.x will not work properly.

When we tested this, v2.2 cannot make an injection to newly created processes while it works fine for existing ones.

Although we found no compatibility issues between v2.2 and v3.1.16, is there a potential problem when using them together?

We would also like to know if there is any way to use v2.2 and v4.x together.

Thank you for your help.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook v2.2 and 4.x

Post by madshi »

Why is anybody still using madCodeHook v2 these days? Anyway, I'm not sure where a crash would come from. madCodeHook 2.x and 4.x should be "compatible" in that they should not crash when used together, they should even work nicely together, share the same hooking queue etc.

Does the issue occur due to the DLL injection? Or due to the hooking? If you comment out all your HookAPI()/HookCode() calls, does the crash still occur?
jgh0721
Posts: 28
Joined: Tue Apr 22, 2014 8:06 am

Re: Crash between madcodehook v2.2 and 4.x

Post by jgh0721 »

I dont know why they using old version( v2.2 )

They( Korea's L company and S Company ) insist of MCH v2.2 crashing MCH v3.x and MCH v4.x.
MCH v2 와 MCH v3/v4 를 함께 사용하면, Hooking Chain(Hook Queue?) 가 손상된다고 한다.
When using MCH v2 and together MCH v3/v4, They protest which MCH's Hooking Chain(Hook Queue?) got damaged.

They product is Print DRM ( watermark making ) and our product is Process Control.

test result. ( windows 7 x86 )

i think our DLL injection cause the issue( watermark doesn't make ).
i comment out all my HookAPI/HookCode/InitializeMadCHook and etc. but still cause the issue.

my dll hook these apis.
NtTerminateProcess, NtSetInformationFile, NtQueryDirectoryFile
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook v2.2 and 4.x

Post by madshi »

If commenting out the HookAPI() calls doesn't help, then what the other company says: "They protest which MCH's Hooking Chain(Hook Queue?) got damaged" doesn't make any sense, because the hooking chain/queue is not involved at all if you don't ever call HookAPI/HookCode in your hook dll! It's pretty clear that the DLL injection doesn't work properly with the v2 version they're using, in combination with v3/v4 DLL injection. I'm not sure why it doesn't work, though.

FYI, I'm working on a new DLL injection method for 4.x which will be released "soon". The new method works totally different compared to the current method, so I think it will probably work around the issue.

Anyway, it seems to me that your product always works, but the other product is the one which sometimes doesn't work, is that correct? In that case why would it be your responsibility to fix this issue?

Probably the issue is in the v2 madCodeHook version the other company is using, and I don't think I can do just a small simple fix to 3.x/4.x to resolve the issue. Other than replacing the whole injection method (see above), I don't think there's much I can do in v3/v4. Probably a fix would be needed for v2 to resolve the issue. But really, v3 was released 8 years ago, which is an eternity in the computer world. I've really zero interest in trying to release a new v2 build, considering it was deprecated 8 years ago.
Post Reply