Search found 10371 matches

by madshi
Mon May 17, 2021 9:31 am
Forum: madExcept
Topic: detect at runtime if leak detection is active
Replies: 1
Views: 11

Re: detect at runtime if leak detection is active

You can check "MESettings().ReportLeaks" to see if it's enabled, and you can use GetModuleHandle('madExcept32.dll') to check if the leak reporting DLL is currently loaded in your process. For 64bit, look for madExcept64.dll.
by madshi
Thu Apr 29, 2021 4:08 pm
Forum: madExcept
Topic: Compiler/Executable blocked for 60s
Replies: 1
Views: 131

Re: Compiler/Executable blocked for 60s

Never heard about such a problem yet. First thing to check is if maybe your anti-virus is throwing a fit. Wouldn't be the first time that an AV software causes trouble. Strange thing is that you're seeing this on 4 different machines, while nobody else seems to see the same problem. So that makes me...
by madshi
Wed Apr 28, 2021 9:07 am
Forum: madCodeHook
Topic: Release of app with madCodeHook and dll injection to Microsoft Store
Replies: 1
Views: 147

Re: Release of app with madCodeHook and dll injection to Microsoft Store

I've no experience with the Microsoft Store, so I can't really comment. What I can say is that just recently I read about Microsoft relaxing some of the store policies. But I don't know if this will also relax this hooking related policy. Here's one article talking about it: https://www.windowscentr...
by madshi
Fri Apr 23, 2021 9:12 am
Forum: madCodeHook
Topic: Intel's CET Shadow Stack issue
Replies: 25
Views: 2012

Re: Intel's CET Shadow Stack issue

Sorry, but no, only v4.
by madshi
Wed Apr 07, 2021 8:11 am
Forum: madCodeHook
Topic: using RestoreCode with NtHookEngine
Replies: 12
Views: 516

Re: using RestoreCode with NtHookEngine

Oh wait, the documentation already says that:

// restores the original code of the API/function (only first 6 bytes)
by madshi
Wed Apr 07, 2021 8:08 am
Forum: madCodeHook
Topic: using RestoreCode with NtHookEngine
Replies: 12
Views: 516

Re: using RestoreCode with NtHookEngine

RestoreCode was created to undo simple "JMP trampoline" hooks which are either 5 or 6 bytes long. Restoring more than that is sort of dangerous. Let's assume there's 10 bytes of changed code. How do we know if that's 1 API which is 10 bytes long or 2 APIs which are 5 bytes long each? Furth...
by madshi
Wed Apr 07, 2021 6:57 am
Forum: madCodeHook
Topic: using RestoreCode with NtHookEngine
Replies: 12
Views: 516

Re: using RestoreCode with NtHookEngine

I've checked the code of WasCodeChanged(). It internally loads the first 16 bytes of code from harddisk, then applies relocation (if necessary). And then it checks if only the first (up to) 8 bytes of code have changed. If the hooking code that NtHookEngine writes is longer than 8 bytes, then WasCod...
by madshi
Tue Apr 06, 2021 1:03 pm
Forum: madCodeHook
Topic: using RestoreCode with NtHookEngine
Replies: 12
Views: 516

Re: using RestoreCode with NtHookEngine

I'm not sure why it fails. RestoreCode is pretty simple. Here's how the code looks like (in Delphi):

function RestoreCode(code: pointer) : bool; stdcall;
var module  : HMODULE;
    orgCode : int64;
    s1      : AnsiString;
    op      : dword;
begin
  result := false;
  if FindModule(code, module, s1) and WasCodeChanged(modu...
by madshi
Wed Mar 31, 2021 4:08 pm
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: Fastest way to IPC from a DLL to an EXE

I'm not sure why SendMessage is faster for you, that seems weird to me. However, I think you're testing all this within the same thread? It might make sense to use a separate thread to do the Post/SendMessage calls. That should be a better simulation about how this would perform across process bound...
by madshi
Wed Mar 31, 2021 9:07 am
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: inter-process callback possible?

Hehe, yes! I was a bit scared because I know that SendMessage() internally handles messages. So calling SendMessage() inside of a hook callback function can be a bad idea.
by madshi
Wed Mar 31, 2021 9:02 am
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: inter-process callback possible?

I was mainly worried about the alertable state of the thread calling PostMessage. But good to know it doesn't change the alertable state of any thread, thanks!
by madshi
Wed Mar 31, 2021 8:51 am
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: inter-process callback possible?

Yes, iconic is right, of course, about services. PostMessage may not work if the other process is a service. Considering abalonge talked about a script process, I thought it would be a normal user process. But it might not be. @iconic, calling PostMessage does not internally make the thread handle m...
by madshi
Wed Mar 31, 2021 6:53 am
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: inter-process callback possible?

A simple "callback" won't work across process boundaries. I think the easiest way to solve this is to simply use PostMessage(). It's surprisingly fast and very easy to use. E.g. in your DLL (when loaded inside of the script process) do: PostMessage(YourExesMainFormWindowHandle, WM_USER + 1...
by madshi
Tue Mar 30, 2021 4:30 pm
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: inter-process callback possible?

I think you need to work on understanding the concepts of process isolation better. IPC will not magically make your EXE's code available to another process. If you want to call your EXE's code in the context of another process then you first have to get the other process to load your EXE's code som...
by madshi
Tue Mar 30, 2021 12:50 pm
Forum: madCodeHook
Topic: Fastest way to IPC from a DLL to an EXE
Replies: 23
Views: 1019

Re: inter-process callback possible?

A "function address of a delphi program" sounds like you're talking about code that is located in an EXE file? If so, no, you cannot easily make this available in other processes. Other processes would first have to load a module (DLL/EXE) file which contains the same code. Please understa...