 |
function SetMadCHookOption (option: dword; param: PWideChar) : bool; stdcall; const // before installing an API hook madCodeHook does some security checks // one check is verifying whether the to be hooked code was already modified // in this case madCodeHook does not tempt to modify the code another time // otherwise there would be a danger to run into stability issues // with protected/compressed modules there may be false alarms, though // so you can turn this check off // param: unsused DISABLE_CHANGED_CODE_CHECK = $00000003; // when calling SendIpcMessage you can specify a timeout value // this value only applies to how long madCodeHook waits for the reply // there's an additional internal timeout value which specifies how long // madCodeHook waits for the IPC message to be accepted by the queue owner // the default value is 7000ms // param: internal timeout value in ms // example: SetMadCHookOption(SET_INTERNAL_IPC_TIMEOUT, PWideChar(5000)); SET_INTERNAL_IPC_TIMEOUT = $00000005; // VMware: when disabling acceleration dll injection sometimes is delayed // to work around this issue you can activate this special option // it will result in a slightly modified dll injection logic // as a side effect injection into DotNet applications may not work properly // param: unused VMWARE_INJECTION_MODE = $00000006; // system wide dll injection normally injects the hook dll into both: // (1) currently running processes // (2) newly created processes // this flag disables injection into already running processes // param: unused DONT_TOUCH_RUNNING_PROCESSES = $00000007; // normally madCodeHook renews hooks only when they were removed // hooks that were overwritten with some other code aren't renewed by default // this behaviour allows other hooking libraries to co-exist with madCodeHook // use this flag to force madCodeHook to always renew hooks // this may result in other hooking libraries stopping to work correctly // param: unused RENEW_OVERWRITTEN_HOOKS = $00000009; // system wide dll injection normally injects the hook dll into both: // (1) currently running processes // (2) newly created processes // this option enabled/disables injection into already running processes // param: bool // default: true INJECT_INTO_RUNNING_PROCESSES = $0000000a; // system wide dll uninjection normally does two things: // (1) uninjecting from all running processes // (2) stop automatic injection into newly created processes // this option controls if uninjection from running processes is performed // param: bool // default: true UNINJECT_FROM_RUNNING_PROCESSES = $0000000b; // by default madCodeHook allocates at <= $71af0000 // you can tell madCodeHook to allocate at the address you prefer // param: LPVOID (must be < $80000000) // default: $71af0000 X86_ALLOCATION_ADDRESS = $0000000c; // By default madCodeHook performs several hook address verifications. // You can disable that to save performance, but that means it's your // responsibility then to provide proper addresses. // Hook address verification includes things such as bypassing existing // import/export table manipulations etc. // param: bool // default: true VERIFY_HOOK_ADDRESS = $0000000d; // By default madCodeHook disassembles the whole to-be-hooked API/code, // to make sure it can be hooked without stability issues. You can disable // this check, but if that produces stability issues, that's on your head. // param: bool // default: true DISASM_HOOK_TARGET = $0000000e; // madCodeHook has two different IPC solutions built in // in Vista+ and in all 64 bit OSs the "old" IPC solution doesn't work // so in these OSs the new IPC solution is always used // in older OSs the old solution works, but the new one is used by default // the new solution is based on undocumented internal Windows LPC APIs // the old solution is based on pipes and memory mapped files // you can optionally force the old IPC solution for the older OSs // param: unused USE_OLD_IPC_LOGIC = $0000000f; // the IPC port is usually accessible by Everyone // if you prefer, you can assign limited access rights to the port // only SYSTEM and the creator then have access rights // this is not recommended because it may block communication // so don't use it, unless you know exactly what you're doing // param: bool // default: false LIMITED_IPC_PORT = $00000010; // By default, madCodeHook internally hooks LoadLibrary, so that it can // automatically install your API hooks when the target DLL is loaded. // This allows you to call HookAPI() in DllMain even for DLLs that are not // loaded yet. You can disable this internal LoadLibrary hook, but it's not // recommended. Set this option before you do the first HookAPI() call. // param: bool // default: true HOOK_LOAD_LIBRARY = $00000011; // By default, madCodeHook tries to hook LoadLibrary by modifying the code // in LoadLibraryExW which internally calls LdrLoadDll. The purpose of this // approach is that many many people like to hook LoadLibraryExW, so by // hooking it in a different way there's a chance we can minimize conflicts // with other hook libraries. // However, you can disable this solution, for whatever reason. If you do, // madCodeHook will use "conventional" LoadLibraryExW hooking instead. // param: bool // default: false DISABLE_LDR_LOAD_DLL_SPECIAL_HOOK = $00000012; // Starting with Windows 10, when a process is initialized, the OS likes to // load DLLs in multiple threads. This might give a small speed improvement, // but it can cause problems with our DLL injection technique. So madCodeHook // by default disables "parallel loading" for processes your hook DLL gets // injected into. // param: bool // default: true DISABLE_PARALLEL_DLL_LOADING = $00000013; // By default, the madCodeHook injection driver injects your DLL into newly // created processes by hooking "NtTestAlert()". Which the OS loader usually // calls the first time right before executing the EXE's "main()" entry // point. // Optionally, you can activate the new IAT patching logic, which will // modify the EXE's import table in such a way that your hook DLL appears to // be statically linked to by the EXE. This way the OS loader will actually // do the dirty work for us and load your hook DLL together with all the // other statically linked DLLs. Unfortunately this also means that the OS // considers your hook DLL essential to the new process, so we can't ever // uninject it again. // param: bool // default: false USE_IAT_DLL_INJECTION = $00000014; // When calling HookAPI/Code with the SAFE_HOOKING flag, madCodeHook // by default waits forever (in a blocking way), until it's sure that // installing the API hook can be done without stability issues. // Optionally, you can tell madCodeHook to abort waiting after a specific // timeout. This of course defeats the purpose of the SAFE_HOOKING flag // to some extent. But it's your decision, of course. // param: internal timeout value in ms (0 = no timeout) // example: SetMadCHookOption(SET_SAFE_HOOKING_TIMEOUT, (LPCWSTR) 5000); SET_SAFE_HOOKING_TIMEOUT = $00000015; // Normally, madCodeHook only checks if API hooks need to be installed, if // a *new* DLL is loaded into the current process. However, the check if a // loaded DLL is new or not consumes time on its own. So this option allows // you to skip the check if a loaded DLL is new or not, which may save some // time. But then that also results in madCodeHook always checking if API // hooks need to be installed, which also consumes time. Not really sure // which way is faster overall. // param: bool // default: false ALWAYS_CHECK_HOOKS = $00000016; |