Crash between madcodehook ver 3.x and 4.x

c++ / delphi package - dll injection and api hooking
Post Reply
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

Hello,

We think there might be a problem between v3.x and v4.x.

We are using madcodehook v4.0.3.

After loading the driver and injecting the dll with our solution, dll injection does not work on the other solution.(the other solution is using v3.1.15 or v3.1.16 driver)

We tested the problem and the results are as the following:

1. Remover function in the dll (only leaves the dll main). This has no relation to the dll function.

2. If the user runs our solution as administrator, the other solution works without a problem. (our solution originally runs as a service)

3. If our solution loads the driver and injects the dll a few minutes after starting the service, the other solution works properly.

Result: Loading the driver and injecting the dll immediately after starting service affects the other solution making it unable to inject the dll.

We would like to know if there a problem between v3.x and v4.x.

Thank you for your help.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by madshi »

> 1. Remover function in the dll (only leaves the dll main).
> This has no relation to the dll function.

These 2 sentences are a complete mystery to me. What does this mean?

I'm not aware of any incompatability between v3.1.16 and v4.0.3. But of course it's possible that there's some kind of issue I'm not aware of. I suppose "the other solution" is a 3rd party software that is not yours, so you don't have access to their source code?

Can you reproduce any problems if you replace "the other solution" with the PrintMonitor demo?

http://madshi.net/PrintMonitor.zip (compiled with v4)
http://madshi.net/PrintMonitor30.zip (compiled with v3)
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

yes the other solution is another company's software so i cannot access to source code :cry:

2 sentence meaning :

after booting, our service load the driver and inject the dll immediately.
our program runs as service then dll injection does not work on the other solution.

I tried to change our solution runs as application not service.
after change the solution, the user have to excute our solution as administrator not service rights.
then the other solution works well.

use printMonitor, i cannot reproduce problems. because its not a service.

is there other test method or more information that you want?

thx.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by madshi »

The other solution, does it also perform injection with a service? And also automatically and immediately after a reboot?
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

We asked to the other solution but they said cannot answer because of security..........

but i think the other solution runs as service so maybe inject immediately after reboot.

thx.
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

Could you please check the problem with a remote control program like TeamViewer?

If you can, I will send you the TeamViewer ID and PW.

Thank you for your support.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by madshi »

It's really hard to debug something like this remotely, especially when we don't even know any specifics about "the other solution". For example, it could be possible that the other solution is not using a stock madCodeHook version, but maybe they've customized the code somehow, accidently breaking compatability. Or maybe they're using a rather old version?

Would it maybe be possible to get a VM with which I could reproduce the problem on my own PC. So the VM would have "the other solution" installed, and in addition to that I'd need a simple test project (could be almost empty) which I could recompile with madCodeHook to reproduce the problem you're describing? I know, that seems like asking a lot, but I'm not sure it will be possible to find the problem efficiently otherwise.
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

I request the other solution to get the VM but they didnt reply not yet.

After ready for the VM then i will contact you again.

Thx for your support.
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

We get the VM that inatalled the the other solution.

How can i sent you the vm (.vdi) file?

I need to send you two vm file, one is the server and one is the agent.

Thx for your support.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by madshi »

vdi? What format is that? Doesn't seem to be VmWare?

You can make it available for download somehow and send me the download link privately to madshi (at) gmail (dot) com. Would that be possible?
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

this format is Virtual Box.

i will send you soon to use google eamil.

after i sent you i will post the reply again.

Thx.
marcusssong
Posts: 22
Joined: Wed Apr 26, 2017 1:14 pm

Re: Crash between madcodehook ver 3.x and 4.x

Post by marcusssong »

I sent the email to madshi@gmail.com.

Please check the email.

Thank you.
Post Reply