kevoreilly / capemon

capemon: CAPE's monitor
GNU General Public License v3.0

Question: what are maldoc detonation issues? #9

Closed mbandzi closed 3 years ago

mbandzi commented 3 years ago

Hi.

Some hooks we are using in the original Cuckoo monitor are commented out with the // maldoc detonation issues message. Can you please explain what this comment means?

The hooks themselves seem to be the same otherwise, but I am not sure what I am risking by enabling them. We did not notice any issue with these hooks in the original monitor.

Thanks.

kevoreilly commented 3 years ago

It simply means that those hooks caused maldoc detonation failures - see https://github.com/kevoreilly/CAPEv2/issues/370

It took me days to go through all the hooks one by one to find problematic ones. As to why they break these maldoc detonation chains, I don't know. Perhaps Office does its own hooks/mods that break things but it's incredibly fiendish to debug.

I plan to work around this soon by creating a specific Office hook set, then these can probably be re-enabled in the main set. Feel free to PR this if so inclined!