def file is outdated

c++ / delphi package - dll injection and api hooking

def file is outdated

Postby _NN_ » Thu Jul 12, 2018 12:34 pm

CreateIpcQueue@8 = CreateIpcQueue @36;
CreateIpcQueueEx@16 = CreateIpcQueueEx @47;

While code defines a different function:
_imp__CreateIpcQueue@24

And these functions are not there anymore: CreateIpcQueueEx, SetInjectionMethod
_NN_
 
Posts: 53
Joined: Mon Jan 21, 2013 4:00 pm

Re: def file is outdated

Postby _NN_ » Thu Jul 12, 2018 2:24 pm

As well function InitializeMadCHook and function FinalizeMadCHook are not exposed in def file
_NN_
 
Posts: 53
Joined: Mon Jan 21, 2013 4:00 pm

Re: def file is outdated

Postby madshi » Wed Jul 18, 2018 8:07 am

I think I should delete the def file, anyway. Or do you have any use for it? Many years ago I offered a madCodeHook DLL version, but it proved to be a very bad idea because malware devs just copied that dll and misused it for their bad purpose. So I got rid of the madCodeHook DLL many years ago. So the def file should be mostly useless now, or not?
madshi
Site Admin
 
Posts: 9810
Joined: Sun Mar 21, 2004 5:25 pm

Re: def file is outdated

Postby _NN_ » Wed Jul 18, 2018 11:07 am

I use this def file with some fixes of course ;)
Currently, I have C++ project which just exports MadCodeHook API and C# program which uses MadCodeHook.
This way I need only dll in C++ and the rest code can be in any language I want.
_NN_
 
Posts: 53
Joined: Mon Jan 21, 2013 4:00 pm

Re: def file is outdated

Postby madshi » Wed Jul 18, 2018 12:02 pm

No, *PLEASE* don't do this!!! :(

I understand why you'd want to do it, but it's really bad for me, and it isn't allowed by the madCodeHook license agreement.

Let me explain: If you create a DLL which exports the madCodeHook APIs, then basically any malware developer could just copy your DLL and distribute it with the malware and call the APIs and he'd have full access to the whole madCodeHook functionality! And it's not even limited to malware misuse: Basically any developer (malware or not) could just copy your DLL and have full unlimited access to madCodeHook.

This is why the license agreement says:

The products owned by the licensee into which the licensed software is built does not offer any ways for third party developers to get access to the functionality of the licensed software.


I do understand the problem with C++ vs C# etc. I have no problem with you creating a helper DLL in C++ and accessing it from C#, but you need to be careful not to make the general purpose madCodeHook APIs available like that. What you could do is export a function in your DLL like "CreateIpcQueue()", but without most the parameters. You'd hard code most of the parameters in the C++ DLL. This way your DLL could only be used to create an IPC queue with one specific IPC name. Or you could export a function like "LoadDriver()", but without any parameters, and the driver names and paths would be hard coded in the C++ DLL. Etc etc. By hard coding most of the parameters, you can still achieve your goal of making madCodeHook available to C#, but at the same time you're not making it possible for other developers to just copy your DLL and make use of the full madCodeHook functionality for their own (good or bad) purposes.

I'm sorry for the inconvenience, but I'm sure you understand why I have to insist on this, right?
madshi
Site Admin
 
Posts: 9810
Joined: Sun Mar 21, 2004 5:25 pm

Re: def file is outdated

Postby _NN_ » Mon Sep 17, 2018 8:46 am

Thank you for clarification.
What is the purpose of def file then ? Shoudn't it be removed from the package ?
_NN_
 
Posts: 53
Joined: Mon Jan 21, 2013 4:00 pm

Re: def file is outdated

Postby madshi » Mon Sep 17, 2018 9:23 am

Thanks for your understanding. I suppose it should be removed. At least I don't see a purpose right now.
madshi
Site Admin
 
Posts: 9810
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCodeHook

Who is online

Users browsing this forum: Exabot [Bot] and 5 guests

cron