Madshi codehook: My process is being terminated

Posted on 2004-11-13
Last Modified: 2008-02-01
I am using Madshi codehook.
I create a iexplore process, then inject a library.
This works very good. But problem is that when i visit some sites (like
then entire process is terminated.
Untill now only this bug appeared on and not on any other sites. (But I guess there is more sites it will appear on)

Then I used mozilla /firefox to open the narutofan site. This time the process wasn't terminated.
This is the code I use to inject.

CreateProcess(nil, pchar(c:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE), nil, nil, False,0, nil, nil, StartInfo, ProcInfo);

  Process := ProcInfo.hProcess;
  GetCurrentDirectory(MAX_PATH, Path);
  Module := CreateFile(pchar('Some.dll'), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  Size := GetFileSize(Module, nil);
  GetMem(Data, Size);
  ReadFile(Module, Data^, Size, BytesRead, nil);
  InjectLibrary(Process, Data);
Question by:Zabuza-san
    1 Comment
    LVL 20

    Accepted Solution

    You can't use InjectLibrary with a memory buffer. You need to give in the name of the dll instead. So please do:

    InjectLibrary(ProcInfo.hProcess, 'Some.dll');

    Instead of all the code you posted. Don't know whether this has anything to do with the IE crash, though.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
    Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now