details

c++ / delphi package - dll injection and api hooking
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

details

Post by Davita »

madshi, I found 2 details.
1: madCodeHook is in conflict with DEP (Data Execution Prevention), that's why I can't inject my dll in explorer.
2: When hooking FindFile* functions I use lstrcmpiA and lstrcmpiW. They don't work if I don't use a const as a second parameter. Here's the working example:
const
  hfilee = '1.txt';

function FindFirstFileAProc(lpFileName: PAnsiChar; var lpFindFileData: TWIN32FindDataA): THandle; stdcall;
var
  hFile: THandle;
  res: BOOL;
begin
  hFile := FindFirstFileANext(lpFileName, lpFindFileData);
  if lstrcmpiA(lpFindFileData.cFileName, hfilee) = 0 then
  begin
    repeat
      res := FindNextFileANext(hFile, lpFindFileData);
    until (not res) or (lstrcmpiA(lpFindFileData.cFileName, hfilee) <> 0);
  end;
  Result := hFile;
end;

Not working example:
function FindFirstFileAProc(lpFileName: PAnsiChar; var lpFindFileData: TWIN32FindDataA): THandle; stdcall;
var
  hFile: THandle;
  res: BOOL;
begin
  hFile := FindFirstFileANext(lpFileName, lpFindFileData);
  if lstrcmpiA(lpFindFileData.cFileName, 'c:\1.txt') = 0 then
  begin
    repeat
      res := FindNextFileANext(hFile, lpFindFileData);
    until (not res) or (lstrcmpiA(lpFindFileData.cFileName, hfilee) <> 0);
  end;
  Result := hFile;
end;

I need to assign dynamically which files must be hidden and which not, so I need to use variables. Do you know how I should do that?

:)

Oooops, sorry madshi :) I wanted to post this text in "someone help please" and not to open a new topic. I did it accidentally.
madshi
Site Admin
Posts: 10766
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I don't think that the current version of madCodeHook has no problem with DEP. I'm having DEP active (opt out) on my Athlon64 and there's no problem with any of my hook demo projects. Do the demo projects work on your PC? If yes, isn't that enough proof that madCodeHook has no problem with DEP? Why do you think there's a problem with madCodeHook and DEP?

Don't know about the lstrcmp stuff. Maybe the API doesn't like it if the string is inside a DLL's data section and rather wants to have it in an allocated buffer instead. Maybe lstrcmp checks write access to the strings? Would be somewhat crazy, though.
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Post by Davita »

Why do you think there's a problem with madCodeHook and DEP?
Because when I downloaded madCodeHook the first time, the HookFindNextFile demo worked fine. Afterwards, when I was testing my projects, injecting and uninjecting my DLLs, DEP gave me a message that explorer was under attack. After that your demo didn't work in explorer. I tried to hide a file with my dll. The file is hidden only in programs not protected by DEP. That's why I think that madCodeHook has problems with DEP.
madshi
Site Admin
Posts: 10766
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Maybe you just need to reboot your PC. As you said, the demo works fine in the beginning. That's proof that madCodeHook has no problem with DEP.
Davita
Posts: 163
Joined: Tue Sep 13, 2005 7:31 pm

Post by Davita »

I already rebooted my PC. Anyway, thanks for your support, madshi :)