Search found 150 matches
- Mon Aug 24, 2015 10:50 am
- Forum: madCodeHook
- Topic: Google chrome - OpenFileMapping ACCESS_DENIED
- Replies: 15
- Views: 16316
Re: Google chrome - OpenFileMapping ACCESS_DENIED
Well, we are hooking LdrLoadDll and LdrUnloadDll. That hook is called in FreeLibrary. So we end up in a situation like this: FreeLibrary() -> LdrUnloadDllHook() -> LdrUnloadDll() -> DllMain -> Unhook LdrUnloadDll - deadlock. You can ask, why do we unhook manually. It doesn't matter in this case, because it can cra...
- Mon Aug 24, 2015 9:00 am
- Forum: madCodeHook
- Topic: Google chrome - OpenFileMapping ACCESS_DENIED
- Replies: 15
- Views: 16316
Re: Google chrome - OpenFileMapping ACCESS_DENIED
It is bad because we hook LdrLoadDll. So we have a deadlock.
PP
- Thu Aug 20, 2015 8:39 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
It will be better if you do it. There are some bytearray versions too. It will be better to do it right the first time. I will try to test it on my side with openfiledialoghook or something like that.
- Thu Aug 20, 2015 8:24 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
Well, you don't need to load them in order to hook them. Also, I can't imagine it's a dynamic load, because if I call FreeLibrary on your hook dll, this doesn't have any effect on other dynamically loaded dlls at all, unless you call FreeLibrary in your dll's DLL_PROCESS_DETACH handling. But then, ...
- Thu Aug 20, 2015 8:02 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
There's a reason the hooking rule 4 says: http://help.madshi.net/HookingRules.htm > In your hook DLL link to as few DLLs as possible. Well we are dependent only on the system ones: WTSAPI32.DLL, PSAPI.DLL, WS2_32.DLL, KERNEL32.DLL, USER32.DLL, GDI32.DLL, WINSPOOL.DRV, ADVAPI32.DLL, SHELL32.DLL, OLE...
- Thu Aug 20, 2015 7:18 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
Yes, you are right. But this is not about safe unhooking. It works just fine. The problem is about how the Inject and Uninject routines are written in the source code... I mean the order of operations (unhooking vs. load/free libs), thread safety and some rare "else cases" that are not covered...
- Thu Aug 20, 2015 6:53 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
Well, I do see a simple logic. If a dll hooks functions that take a long time to finish, like GetFileOpenDialog, IFileOperation::PerformOperations and so on, it is just a matter of time until it crashes. All you do is to call Uninject and Inject DLL again when the dialog is open, when the explorer i...
- Thu Aug 20, 2015 6:40 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
Well, we do have some kind of mechanism of choosing injected and uninjected apps dynamically. In some rare cases Windows could cause the injecting thread to be delayed until the uninjecting thread is started or the uninjecting thread is blocked by AutoUnhook until some hooks finish... especially dur...
- Wed Aug 19, 2015 3:06 pm
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
I did more research and madshi is right: calling FreeLibrary doesn't crash the app. But I found out that if you meddle with the dll lock count (like setting it to "dll->LoadCount = 0xff;") it will cause a crash because 1] First thread starts unhooking thread and sets it to 1 2] Second thread sets it...
- Wed Aug 19, 2015 1:51 pm
- Forum: madCodeHook
- Topic: Uninjection problem (DLL ref count + AutoUnhookCounter)
- Replies: 13
- Views: 14601
Re: Uninjection problem (DLL ref count + AutoUnhookCounter)
And also... that ExitThread is ugly.
PP
- Wed Aug 19, 2015 1:45 pm
- Forum: madCodeHook
- Topic: Uninjection problem (DLL ref count + AutoUnhookCounter)
- Replies: 13
- Views: 14601
Uninjection problem (DLL ref count + AutoUnhookCounter)
Hi, we found that if we call injection of a dll on one process more than 10 times, we are not able to uninject the dll anymore. It is because calling of FreeLibrary is stopped after 10 calls and AutoUnhookCounter is 0. So no more threads are able to uninject anything. It is also reproducible with your demos...
- Wed Aug 19, 2015 1:38 pm
- Forum: madCodeHook
- Topic: Microsoft Edge crash
- Replies: 2
- Views: 5441
Re: Microsoft Edge crash
Hi,
we will try to reproduce it with your demo.
PP
- Tue Aug 18, 2015 8:02 am
- Forum: madCodeHook
- Topic: Microsoft Edge crash
- Replies: 2
- Views: 5441
Microsoft Edge crash
Hi, we are testing w10 support and we found some crash in Edge in MCH function CreateMetroSd. MicrosoftEdgeCP.exe(5).408.dmp --------------------------------------------- FAULTING_IP: iertutil!IEConfiguration_GetBool+318 00007fff`cec35bc8 488b04c8 mov rax,qword ptr [rax+rcx*8] EXCEPTION_RECORD: ffff...
- Tue Aug 11, 2015 9:45 am
- Forum: madCodeHook
- Topic: Google chrome - OpenFileMapping ACCESS_DENIED
- Replies: 15
- Views: 16316
Google chrome - OpenFileMapping ACCESS_DENIED
Hi, we have an issue with Google Chrome processes running at the untrusted integrity level on w81. MCH doesn't disable any hooks during the uninjection of our library. The reason is that the MCH is unable to call OpenFileMapping on the AutoUnhookMap mapped file. The get last error says ACCESS_DENIED...
- Tue Aug 11, 2015 9:38 am
- Forum: madCodeHook
- Topic: Uninjection thread safety
- Replies: 27
- Views: 33369
Re: Uninjection thread safety
Any progress?
PP