Just a quick Q concerning the InjectLibrary and UnInjectLibrary in
the MadCodeHook component.
In my service Start Event I use:
Code: Select all
InjectLibrary((ALL_SESSIONS Or SYSTEM_PROCESSES) and (not CURRENT_PROCESS), 'MYINJECTED.DLL');
Code: Select all
UnInjectLibrary((ALL_SESSIONS Or SYSTEM_PROCESSES) and (not CURRENT_PROCESS), 'MYINJECTED.DLL');
if it is possible to UnInject just these two processes instead of UnInjecting All ????
Below is a snippet of the begin block in MYINJECTED.DLL but I don't think it is very stable
as windows sometimes throws memory errors at me.
Code: Select all
var
tmp: array [0..MAX_PATH] of char = '';
isOK: boolean;
ModuleFileName: string = '';
ProcessFileName: string = '';
SystemFolderPath: string = '';
ModuleID: Cardinal = 0;
ProcessID: Cardinal = 0;
begin
isOK := false;
SystemFolderPath := GetSystemFolderPath;
ModuleID := GetCallingModule();
ProcessID := GetCurrentProcessId();
GetModuleFileName(0,tmp,MAX_PATH);
ProcessFileName := tmp;
isOK := SameFileName(SystemFolderPath+'winlogon.exe', ProcessFileName);
if isOK then
begin
WriteToLog(LOGFILE,'----- DLL UnInjected: '+ProcessFileName+':'+inttostr(ProcessID));
UnInjectLibrary(ProcessID, 'MYINJECTED.DLL');
end
else
begin
CollectHooks();
WriteToLog(LOGFILE,'----- DLL Injected: '+ProcessFileName+':'+inttostr(ProcessID));
HookAPI('USER32.DLL', 'SetWindowsHookExA', @SetWindowsHookExACallback, @SetWindowsHookExANext);
HookAPI('USER32.DLL', 'SetWindowsHookExW', @SetWindowsHookExWCallback, @SetWindowsHookExWNext);
FlushHooks();
end;
end.
HELP ME !!!!! I'M GOING MAD