www.madshi.net
Open in
urlscan Pro
2a00:1158:1000:300::2f9
Public Scan
URL:
http://www.madshi.net/
Submission: On February 24 via manual from LU — Scanned from FR
Submission: On February 24 via manual from LU — Scanned from FR
Form analysis
0 forms found in the DOMText Content
Systemsoftware Mathias Rauen madshi@gmail.com Eulenacker 4 Germany · 22175 Hamburg about us home home madExcept madCodeHook choose product here news 2021-12-27 · madCollection 2.8.11.0 · madExcept 5.1.2 · madCodeHook 4.2.1 downloads official version release: · madCollection.exe support online documentation: · http://help.madshi.net forum: · http://forum.madshi.net 2021-12-27 madExcept 5.1.2 comes with the following changes (compared to 5.1.0): · added support for Delphi/BCB 11 · HTTP uploads: added TLS 1.1, TLS 1.2, SSL 3.0 · small change to make new Mantis versions happy madCodeHook 4.2.1 comes with the following changes (compared to 4.1.3): · rewrite of many assembler stubs to make Intel CET happy · fixed: GetStoredThreadState() sometimes failed · fixed some vulnerabilities · improved IPC reliability under heavy stress · fixed rare crash when installing API hook · fixed rare issue with user mode injection into DotNet · fixed rare crash with weird docker configurations · added INJECT_ALLOW_THREAD flag · [driver] made driver device more secure to avoid vulnerabilities · [driver] added even more checks to prevent vulnerabilities · [driver] changed injection stubs to make Intel CET happy · [driver] fixed crash when process was created while uninjecting · [driver] "secure" processes are no longer injected · [driver] added support for 4096 bit keys Credit to Michael Gorelik (@smgoreli), Assaf Kachlon and Andrey Diment from Morphisec for finding and reporting two driver vulnerabilities, which of course are fixed by this new build. 2020-07-16 madExcept 5.1.0 comes with the following changes: · added support for Delphi/BCB 10.4 · added new leak checking API SetChildLeakFiltering · added new leak checking API WaitForCleanExitProcess · init speedup when using madExcept in a lot of dlls · a bunch of smaller bug fixes madCodeHook 4.1.3 comes with the following changes: · return to trusted "old" user mode injection method · fixed potential thread timing bug in DestroyIpcQueue · fixed potential memory leak in CopyFunction · improved multi-threading for PatchCreateRemoteThread · added SET_SAFE_HOOKING_TIMEOUT option · SendIpcMessage now defaults to not handle messages · [driver] fixed vulnerability (redirecting dll file via junction) · [driver] added several checks to prevent vulnerabilities · [driver] only admin users can now open the driver in user land · [driver] fix for rare BSOD when using approval callback · [driver] fixed CFG problem when accessing user land memory Credit goes to Kyriakos Economou (@kyREcon) from Nettitude for finding and reporting a new vulnerability (the hook dll file path could be redirected by using a junction in a tricky way). Which is fixed by this new build. 2018-11-29 For a long time I tried to resist the temptation to switch to a madExcept subscription style license. But I finally have to give in now, because the number of license sales isn't as high as it used to be, while supporting and maintaining madExcept still requires the same amount of work as always. So starting now, a new madExcept license will give you 1 year access to all minor and major updates/upgrades for free. After the 1 year period, you have the option to extend your subscription. If you don't, you will still be able (and allowed) to use all madExcept versions that were released within your subscription interval "forever". However, you will no longer get access to new madExcept builds released after your subscription has run out. Considering that there are no new show stopper features on the radar right now, I'm setting the yearly subscription rate to a relatively modest 30% fee (of the price of a new license). To ease existing madExcept users into entering subscription, I'm now releasing madExcept 5.0, with a couple improvements over 4.x. The list of changes is relatively short, though, which means I will not ask for an upgrade price. So in a sense the upgrade to 5.0 is "free". I do, however, ask that you enter the yearly subscription now, which will give you access to 5.0. If you're ready to support my work, you can enter subscription right now, for a Single Developer License here, or for the Company License here. Thank you very much! If your madExcept 4.x license is younger than 1 year, please contact me to get a free new 5.0 key file with the appropriate time on the subscription clock. madExcept 5.0.0 comes with the following changes: · added support for Delphi/BCB 10.3 Rio · added support for 64bit memory & resource leak reporting · added support for 64bit buffer overrun etc detection madCodeHook 4.1.2 comes with the following changes: · [driver] optimized image load notification handling for older OSs · [driver] added protection against invalid x86 allocation address · [driver] added further file access hardening to prevent future vulnerabilities 2018-11-17 madCodeHook 4.1.1 comes with the following changes: · added ex/including Metro app injection functionality · added support for selectively activating IAT injection · improved static lib smart linking support · [driver] fixed potential (rare) blue screen · [driver] fixed privilege escalation vulnerability madExcept 4.0.21 comes with the following changes: · improved 64bit stack tracing reliability · added uses clause "System.ShareMem" auto sorting · madExcept no longer patches the EXE/DLL for BCB64 2018-07-31 Today madCodeHook 4.1.0 introducess an optional new DLL injection technique: The new technique has a couple of advantages and disadvantages compared to the "old" one. Because of that the old technique stays the default. The new DLL injection technique works by modifying the EXE's import table in such a way that the OS loader believes that your hook DLL would be statically linked to by the EXE. This brings us the following advantages: * The OS loader actually now loads your hook DLL for us, when initializing the new process. Which means we don't have to inject any code patches into newly created processes, anymore, or hook any APIs. So this solution should be cleaner and simpler. * Your hook DLL will be listed as the first DLL the EXE statically links to. As a result, the OS loader will load your hook DLL first, before any other statically linked DLLs. Which is a big advantage because it means your API hooks will be installed before any statically linked DLLs have a chance to do anything. There's no free lunch, unfortunately, so the new DLL injection method also comes with a couple of disadvantages: * Since the OS considers your hook DLL as being statically linked to by all newly created processes, the OS will refuse to unload your hook DLL from any of these. This practically makes uninjection impossible. * The EXE import table uses ANSI chars. So your hook DLL file name/path must consist of ANSI chars, only. No Unicode supported. Maybe you can workaround this issue by using GetShortPathNameW(), though. * If for any reason a newly created process is not able to load your hook DLL, the OS loader will show an error message and refuse to let the process run. In a worst case scenario it's possible that no process can be created at all, anymore. So you need to make sure your hook DLL can always be successfully loaded. Avoid statically linking to any weird DLLs, avoid weird manifests and make sure the NTFS rights allow read & execute for all users. Another bigger change is that the DLL injection driver now supports storing the public key of your signing certificate. Let me explain why this is useful: Recently, Microsoft changed their EV signing procedure. They used to just add their own certificate to your's. But now they completely remove your certificates in some situations, which makes madCodeHook's driver unable to successfully match the driver's signature with the hook DLL's signature. I've made 2 changes now to work around this problem: * The driver will now compare the hook DLL's first signature with *all* of the driver's signatures (not just the first one). So you can make the signature matching work by re-adding your own signature to Microsoft's EV signature. * Some (security) users mentioned that such a more flexible signature match might not always be 100% secure, because the matching might actually find matching Microsoft signatures instead of your private signatures. As a result, I've added an option to the "madConfigDrv" tool which allows you to bind the driver to your specific certificate. This way the driver will only accept hook DLLs as trustworthy which are really signed with your specific certificate. Please note that some of these changes are going rather deep, so although in my tests everything worked nicely, please consider the new features somewhat "experimental". Which means I'd recommend that you test them throuroughly yourself before using them in production software. I'm optimistic about that they work well, though. 2018-05-31 Today madCodeHook v4 introducess a relatively "big" new feature: You can now register a user mode callback, which the driver will call for all newly created processes which match your injection criteria. Your user mode callback then has the option to approve or reject DLL injection for each newly created process. Please note that this kind of callback from a driver to user land, which delays the start of new processes, is not recommended by Microsoft. So use this new feature at your own risk! It seems to work pretty well, though. If you do use this feature, please make sure your callback executes as quickly as possible, to avoid any unnecessary delays for newly started processes. Furthermore, both the new madCodeHook v3 and v4 build now disable the "parallel DLL loading" feature of the Windows 10 OS loader, for any processes we inject our hook DLL into. "Parallel loading" basically tries to initialize newly created processes in a multi-threaded way. This OS loader feature can make problems if DLL injection and API hooking is used. Consequently the OS already disables it itself in certain situations. Now madCodeHook does that automatically, which should help Windows 10 stability. Please note that madCodeHook 3.0.18 is probably going to be the last v3 build! I will concentrate on madCodeHook v4 development and support now. Which means if you haven't upgraded to v4 yet, now might be a good time. To make your decision a bit easier, I'm reducing upgrade pricing from 60% (of the price of a new license) down to 50% for the next 2 weeks. This price includes one full year of subscription. After that year has passed, you can optionally renew the subscription for a yearly payment of 30% of the price of a new license. If you'd like to upgrade from v3 to v4, please contact me via email, thank you! Now here comes the usual detailed list of changes: madCodeHook 4.0.5 comes with the following changes: · added support for driver DLL inject approval callback · added "callback" parameters to InjectLibraryA/W · avoid crash when uninstalling API hooks in Edge · improved LoadLibrary hook thread safety · avoid deadlock while checking for new/removed DLLs · improved ProcessIdToFileName for wow64 processes · added DISABLE_LDR_LOAD_DLL_SPECIAL_HOOK option · added DISABLE_PARALLEL_DLL_LOADING option · [driver] added support for driver DLL inject approval callback · [driver] disable injection for "dynamic code" policy processes · [driver] added support for disabling parallel DLL loading · [driver] fixed: permanent 64bit injection failed in newer OSs · [driver] fixed: collision between multiple madCodeHook drivers · [driver] injection is now only performed in main thread madExcept 4.0.20 comes with the following changes: · some small leak reporting bugfixes · improved SW_HIDE compatability · optimized madExceptViewer tool default window size · madIWSupport: added support for official IW exception callback madCodeHook 3.1.18 comes with the following changes: · avoid crash when uninstalling API hooks in Edge · improved LoadLibrary hook thread safety · avoid deadlock while checking for new/removed DLLs · [driver] disable injection for "dynamic code" policy processes · [driver] added support for disabling parallel DLL loading · [driver] fixed: collision between multiple madCodeHook drivers · [driver] injection is now only performed in main thread 2017-12-22 madExcept 4.0.19 comes with the following changes: · added support for %localappdata% · fixed: editing settings could corrupt passwords · fixed: fetching bugtracker data could modify settings madCodeHook 4.0.4 comes with the following changes: · fixed: sending 32bit IPC from system to user failed · fixed: sending IPC from RuntimeBroker.exe could fail · fixed: ProcessIdToFileName sometimes missed full path · fixed: memory leak in ProcessIdToFileName · [driver] fixed: potential stack overflow · [driver] fixed: authenticode check sometimes incorrectly failed · [driver] fixed: couldn't verify drv certificate in system32 folder · [driver] some tweaks to make Microsoft HLK happy madCodeHook 3.1.17 comes with the following changes: · fixed a small AllocMemEx bug · [driver] fixed: potential stack overflow · [driver] allocation now defaults to PAGE_READWRITE, no EXEC · [driver] some tweaks to make Microsoft HLK happy 2017-07-14 madExcept 4.0.18 gets a couple small bugfixes. madCodeHook 4.0.3 comes with the following changes: · improved DestroyIpcQueue to avoid leaks and freezes · improved Chrome sandbox uninjection · improved "FOLLOW_JMP" to work with Bitdefender x64 · CreateIpcQueue supports a custom security descriptor · [delphi] fixed: initialization could eventually (rarely) crash · [driver] fixed: another potential Windows 10 crash (32+64bit) · [driver] fixed: wow64 injection freeze in XP/2003 (x64 only) · [driver] fixed: VirtualBox x64 injection freeze in Windows 7 madCodeHook 3.1.16 comes with the following changes: · improved DestroyIpcQueue to avoid leaks and freezes · improved Chrome sandbox uninjection · improved "FOLLOW_JMP" to work with Bitdefender x64 · [delphi] fixed: initialization could eventually (rarely) crash · [driver] fixed: another potential Windows 10 crash (32+64bit) 2017-03-30 madExcept 4.0.17 gets a rerelease with added BDS 10.2 Tokyo support. madCodeHook 3.1.15 and madCodeHook 4.0.2 come with the following changes: · added "HOOK_LOAD_LIBRARY" option · [driver] fixed: potential Windows 10 Redstone 2 crash (32bit) · [driver] some minor changes to make Windows 10 HLK happy 2017-03-21 madExcept 4.0.17 comes with the following changes: · dialogs are now somewhat high dpi friendly in win10 · small performance tweak for x64 stack tracing · added warning if saving settings failed · added workaround for Wine 64bit bug · added undocumented "HandleMessagesInMainThread" option madCodeHook 4.0.1 comes with the following changes: · fixed: bug handling "JMP/CALL +0" instructions · fixed: crash with Windows XP Black editions · fixed: uninject callback failed if no API was hooked · fixed: injecting dlls from within rundll failed · fixed: IPC answer didn't always arrive · fixed: dll injection handle leak · improved chrome sandbox uninjection · improved GetCallingModule reliability · performance improvement when checking newly loaded dlls · added new "LIMITED_IPC_PORT" option · [driver] reverted back to old injection method (due to Kaspersky) · [driver] fixed: StormShield fix didn't work, anymore · [driver] allocation now defaults to PAGE_READWRITE, no EXEC madCodeHook 3.1.14 comes with the following changes: · fixed: bug handling "JMP/CALL +0" instructions · fixed: crash with Windows XP Black editions · improved GetCallingModule reliability · performance improvement when checking newly loaded dlls · added new "LIMITED_IPC_PORT" option · [driver] fixed: StormShield fix didn't work, anymore 2016-08-26 I'm happy to announce the brand new madCodeHook 4.0 with the following key improvements: · new "permanent" dll injection option survives reboots · verification of hook dll's code signing signatures · API hooks can now optionally record the caller's "thread state" · stable cleanup of your hook dll resources · rewritten dll injection technique (for newly created processes) · improved compatability with other hooking libraries A more detailed description about the various improvements is available here. I've decided to move to a subscription based licensing model. Please don't worry about it, I think the terms and conditions are more than fair. My pricing math works out like this: If I release a major new upgrade (madCodeHook 4.0, 5.0, 6.0 etc) every 2 years, and ask for a 60% upgrade price every time, this sums up to the same 30% yearly subscription rate I'm asking for now. And you can just let the subscription run out at any time and you're still allowed to keep using the version you're on forever. There are a couple different reasons why I'm switching to a subscription model: For one, it gives me a more predictable income. Furthermore, I don't have to save major functionality improvements for the next major upgrade, anymore. Instead I can now constantly and regularly work on improving madCodeHook, which should be a benefit for everyone. Finally, I hope that including a reasonable yearly payment into your budget might be easier than fitting in a much larger upgrade price every other year. The exact terms of the subscription model, with full upgrade pricing etc is explained on the shop page. If you have a need to discuss this payment model change, or the upgrade pricing, please feel free to contact me email. I'm open for discussion and reasonable arguments. 2016-05-17 madExcept 4.0.15 comes with the following changes: · added support for RAD Studio 10.1 Berlin · patching doesn't change EXE/DLL file time, anymore madCodeHook 3.1.12 comes with the following changes: · fixed: some chrome shutdown crashes (when debugging) · fixed: hook uninstall could crash (when debugging) · fixed: SAFE_HOOKING could crash after uninjection · fixed: IPC reply sometimes didn't arrive (missing PID) · fixed: hook stub was allocated at wrong address (x64) · fixed: preferred allocation address was sometimes ignored · [C++] fixed: couple of leaks in HookAPI() · [driver] fixed: leaked thread handle 2016-03-23 madExcept 4.0.14 comes with the following changes: · exception box is now auto sized to show full header · exceptbox size now supports weird window frame sizes · added "HideLeak(someCallstack)" API · fixed: IDE crashes were reported as "Unknown" class · fixed: weird chars stopped Mantis/BugZilla upload · fixed: HTTP uploading created incompatible MailFrom field · fixed: 64bit madTraceProcess sometimes failed to find a process madCodeHook 3.1.11 comes with the following changes: · fixed some PAGE_EXECUTE_READWRITE security issues · fixed: x64 jmp/call relocation miscalculation · added hook to detect delay loaded dlls · new process dll inject now always done in main thread · dll injection loader lock improvement · small performance improvements · fixed rare crash when calling HookAPI · [C++] fixed: some undocumented APIs had incorrect types · [C++] fixed: ipc resource handling bug in case of failure · [driver] fixed some PAGE_EXECUTE_READWRITE security issues · [driver] worked around Microsoft EMET EAF complaint · [driver] dll inject is now always done in main thread (win10) · [driver] ntdll APIs are now located by parsing ntdll.dll file · [driver] fixed conflict where alloc collided with kernel32.dll · [driver] fixed: DriverVerifier made driver not load (win8 x64) · [driver] fixed: some undocumented APIs had incorrect types 2015-09-10 madExcept 4.0.13 comes with the following changes: · added support for RAD Studio 10 Seattle · speeded up handling of "handled"/hidden exceptions madCodeHook 3.1.10 comes with the following changes: · fixed: threading issue when to-be-hooked dll is loaded · fixed: some conflicts with other hook libraries (x64) · improved thread protection for multiple injections 2015-04-21 madExcept 4.0.12 comes with the following changes: · added support for RAD Studio XE8 · added detection for Windows 8.1, Windows 10 etc · a couple of small bug fixes madCodeHook 3.1.9 comes with the following changes: · fixed: rare injection/hook instability bug · fixed: rare IPC stability bug · memory allocation performance improvement 2014-10-26 madExcept 4.0.11 comes with the following changes: · added support for RAD Studio XE7 · fixed: plugins didn't work in XE6 · fixed: rare FPU exception crash when checking for leaks · fixed: sometimes VirtualAlloc resources were reported as leaks · fixed: "send bug report in background" dialog option didn't stick · fixed: madExceptWizard sometimes produced superfluous QC warnings · fixed a couple more small/rare bugs · madExceptPatch.exe: speedup when parsing large map files · madExceptPatch.exe: improved support for relative paths · madExceptPatch.exe: added new switch "/restoreFileTime" · madExceptWizard: map file isn't loaded in the IDE at all, anymore madCodeHook 3.1.8 comes with the following changes: · fixed: RestoreCode sometimes produced incorrect code · fixed: hooking ntdll in non-large-address-aware x64 processes crashed · FOLLOW_JMP now follows up to 10 JMPs in a row · [driver] fixed denial of service vulnerability (found by Parvez Anwar) · [C++] fixed: CreateProcessEx for x64 processes sometimes failed · [C++] fixed: x64 hook installation sometimes (rarely) crashed · [Delphi] fixed: XP/2003 x64: injection into 32bit processes failed · [Delphi] added RAD Studio XE7 support 2014-05-11 madExcept 4.0.10 comes with the following changes: · added support for XE6 · email "reply to" address is now automatically set · added "replyTo" parameter to SendSmtpMail · added undocumented SmtpReplyTo/SmtpPort options · added support for Mantis sub projects · limited Mantis OS string len to what Mantis supports · added "HideInitializionLeaks" API · "ExceptClass" for freezes is now reported as EFrozen · added security to internal memory map sections madCodeHook 3.1.7 comes with the following changes: · [C++] fixed: 32bit injection problems when compiled as 32bit · [driver] fixed: injection sometimes failed (win8.1) madSecurity 1.2 comes with the following changes: · added 64bit support · added full Unicode support 2013-12-03 madExcept 4.0.9 comes with the following changes: · fixed: PNG screenshots created by x64 code were corrupted · fixed: protection failed for "TWeird.ThreadName" · fixed: HTTP upload feedback didn't work, anymore · fixed: BCB callstacks weren't always optimal · BCB5 bug workaround to make madExcept work for dlls · added new "HideLeak(TSomeObject, count)" API · renamed "ThisIsNoLeak" API to "HideLeak" · madCompileBugReport: fixed column alignment problems madCodeHook 3.1.6 comes with the following changes: · fixed: CreateProcessEx failed for .Net processes · fixed a couple of rare crashes · [C++] added separate "madCHook64md" and "madCHook64mt" static libs · [driver] fixed: injection in Vista x64 sometimes failed 2013-10-07 madExcept 4.0.8.1 comes with the following bug fixes: · fixed bug in TThread handling (introduced in 4.0.8) · fixed BCB callstack bug in try..catch blocks 2013-10-01 madExcept 4.0.8 comes with the following changes: · added support for XE5 · added madTraceProcess64 · added "largest free block" header info · fixed a couple of weird bugs · madExceptWizard: patching is now always moved to madExceptPatch tool · madExceptViewer: newest bug report is now listed on top madCodeHook 3.1.5 comes with the following changes: · added support for XE5 · added support for Windows 8.1 · improved FOLLOW_JMP implementation · [driver] revert aligned UNICODE_STRING (compatability problems) · [driver] fixed injection problem caused by StormShield fix 2013-05-13 madExcept 4.0.7 comes with the following changes: · added support for XE4 · fixed: empty bug reports were saved/sent · fixed: class type exceptions were not handled correctly · fixed: leak reporting changed FPU control word madCodeHook 3.1.4 comes with the following changes: · added support for XE4 · fixed: IPC in Metro apps only worked without replies · fixed: win9x hooking eventually crashed · fixed: FOLLOW_JMP eventually modified export tables · fixed: UNICODE_STRING in internal structure was not aligned properly · "driver only" injection now works without admin rights (if driver is already installed and running) 2013-03-13 madExcept 4.0.6 comes with the following changes: · IMEException.ThreadIds/.Callstacks properties added · IMEException.ExceptionRecord property added · added SetDebugMmAlignment API · fixed Mantis automation for latest Mantis version · fixed Armadillo x64 incompatability · improved callback parsing for exception box · fixed: custom RaiseExceptionProc callbacks didn't work · undocumented option "ShowOuterExceptDetails" added · fixed freeze when asking BugReport in epCompleteReport madCodeHook 3.1.3 comes with the following changes: · fixed: injecting multiple 32bit dlls in x64 OS crashed · fixed: uninjecting DLL twice at the same time crashed · fixed: IPC messages sometimes contained wrong session id · fixed: incompatability with MSVC++ 2012 on Windows 8 · added support for csrss injection in Windows 8 · added new FOLLOW_JMP flag for HookAPI/Code · fixed crash when hooking system APIs in x64 MSSQL · [delphi] fixed: 64bit injection crash when using Delphi XE2/3 · [driver] fixed: Verifier blue screens when using ex/include lists · [driver] fixed: closing processes in x64 OSs sometimes froze · [driver] fixed: injection failure with MSVC++ 2012 hook dlls 2012-09-05 madExcept 4.0.5 comes with the following changes: · added support for XE3 · a couple of bugfixes and minor improvements madCodeHook 3.1.2 comes with the following changes: · added support for XE3 · added support for Metro (AppContainer integrity) apps · fixed: crash in CreateProcessEx (32bit) · fixed: uninjection crash in w2k3 error reporting service 2012-08-03 madExcept 4.0.3 comes with the following changes: · improved leak reporting performance and reliability · added patch to fix BCB XE/XE2 RTL bug · many bugfixes and small improvements madCodeHook 3.1.0 comes with the following changes: · added support for Delphi XE2 x64 · a couple small bugfixes 2012-06-14 The new madCollection 2.7.1.0 contains the following madExcept 4 changes: · added FireMonkey support (Windows only) · significantly improved leak reporting performance and memory consumption · significantly improved "instantly crash on buffer over/underrun" feature · a bunch of important bug fixes 2012-05-23 I'm happy to announce the brand new madExcept 4.0 with the following key improvements: · full support for XE2 x64 compiler · full unicode support · FogBugz, BugZilla and Mantis reporting (screenshot) · SSL and TLS SMTP client mailing (screenshot) · SSL HTTP uploading · memory and resource leak reporting (screenshot) · debug memory manager · new madExceptViewer tool · support for nested exceptions · Windows Logo compliance A more detailed description about the various improvements is available here. Upgrade links are available on the shop page.