Problem with madexcept + dll injection
Good evening.
So, I have a small self-written DLL (Delphi), and an application which starts another program and, after launch, injects this DLL there.
The DLL has madExcept totally disabled; the application has it enabled.
All is OK, but in Win 10 x64, when the application has the option "link in madExcept code", the DLL fails to inject. Visually all is OK, all stage checks succeed, but the DLL thread does not exist in the target program's threads. When this option is switched off - no problem at all, the DLL is injected and starts fine.
Delphi 10, madExcept 4.0.14
Please advise me how to solve this problem.
If you need additional info - just ask.
P.S. Thanks for the excellent package!
Re: Problem with madexcept + dll injection
What do you mean with "dll thread not exists"? A dll usually doesn't have its own thread - unless you manually create one. Do you?
I'd suggest that you use ProcessExplorer to check if the dll is really loaded in the target process or not.
Which API / method are you using for DLL injection?
Re: Problem with madexcept + dll injection
> madshi wrote: I'd suggest that you use ProcessExplorer to check if the dll is really loaded in the target process or not.
I'm using Process Explorer, yes.
> madshi wrote: What do you mean with "dll thread not exists"? A dll usually doesn't have its own thread - unless you manually create one. Do you?
For injecting the DLL I'm using the way of starting a thread inside the target application. When all is OK, I can see my threads with the DLL in the list of application threads. In my situation with Win10 - no DLL thread there.
UAC, Defender and all stuff like that were disabled (none of them raised errors, but we tried to remove all possible reasons for the problem).
Injection code:
```delphi
function InjectLib(const ProcessID, process_handle : DWORD; DllPath : String) : Boolean;
// SetDebugPriv and WineEmul are defined elsewhere in the poster's project.
var
  Process : THandle;
  ThreadRtn : FARPROC;
  RemoteDllPtr : Pointer;
  BytesWriten : SIZE_T;
  Thread{,ErrorID} : NativeUInt;
  ThreadId : DWORD;
  ExitCode : DWORD;
begin
  // Debug privs for our process.
  Result := SetDebugPriv;
  if not Result then Exit;
  // From here on, report failure unless LoadLibraryW returns a module handle.
  Result := False;
  Process := 0;
  Thread := 0;
  RemoteDllPtr := nil;
  try
    if WineEmul then
      Sleep(1000)
    else
      if (WaitForInputIdle(process_handle, INFINITE) <> 0) then
        Exit;
    // Open Process.
    Process := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or
      PROCESS_VM_WRITE or PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, True, ProcessID);
    if Process = 0 then Exit;
    // Allocate memory for the string with the dll name.
    RemoteDllPtr := VirtualAllocEx(Process, nil, (Length(DllPath) + 1) * SizeOf(Char),
      MEM_COMMIT or MEM_TOP_DOWN, PAGE_READWRITE);
    if RemoteDllPtr = nil then Exit;
    // Write the dll's path into this allocated memory.
    if not WriteProcessMemory(Process, RemoteDllPtr, PChar(DllPath),
      (Length(DllPath) + 1) * SizeOf(Char), BytesWriten) then Exit;
    if BytesWriten <> DWORD((Length(DllPath) + 1) * SizeOf(Char)) then Exit;
    // Obtain address of LoadLibraryW from Kernel32.dll
    ThreadRtn := GetProcAddress(GetModuleHandle('Kernel32.dll'), 'LoadLibraryW');
    if ThreadRtn = nil then Exit;
    // Run remote thread
    Thread := CreateRemoteThread(Process, nil, 0, ThreadRtn, RemoteDllPtr, 0, ThreadId);
    ThreadId := GetLastError; // debug leftover: keeps the last error code in ThreadId
    if Thread = 0 then Exit;
    // Wait for the remote thread to finish; its exit code is the value
    // returned by LoadLibraryW, so 0 means the dll was not loaded.
    if (WaitForSingleObject(Thread, INFINITE) = WAIT_OBJECT_0) then
      if GetExitCodeThread(Thread, ExitCode) then
        Result := ExitCode <> 0;
    // ErrorID := GetLastError;
  finally
    // The remote thread has finished (or an earlier step failed), so
    // we can release the allocated memory. Pass the remote address itself,
    // not the address of the local variable.
    if RemoteDllPtr <> nil then
      VirtualFreeEx(Process, RemoteDllPtr, 0, MEM_RELEASE);
    if Thread <> 0 then CloseHandle(Thread);
    if Process <> 0 then CloseHandle(Process);
  end;
end;
```
Re: Problem with madexcept + dll injection
As I said:
> A dll usually doesn't have its own thread - unless you manually create one. Do you?
> I'd suggest that you use ProcessExplorer to check if the dll is really loaded in the target process or not.
In ProcessExplorer, in the menu choose "View -> Lower Pane View -> DLLs". That will give you a list of DLLs loaded in the target process. Is your DLL listed there, when compiled with or without madExcept?
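The same question (did the remote thread actually load a DLL?) seen from the monitoring side, as an added example that is not part of the original thread. It correlates Sysmon-style records for event IDs 10, 8 and 7; all records, paths, PIDs, the integer timestamp `t` and the 5-second window are constructed assumptions.

```python
# Added example; every record below is constructed, not taken from the thread.
# Access mask requested by OpenProcess in the posted code:
# CREATE_THREAD | VM_OPERATION | VM_READ | VM_WRITE | QUERY_INFORMATION
INJECT_MASK = 0x0002 | 0x0008 | 0x0010 | 0x0020 | 0x0400   # 0x43A
LOADERS = {"LoadLibraryA", "LoadLibraryW"}
SRC = r"C:\test\Project2.exe"          # assumed path

# Field names follow Sysmon events 10 (ProcessAccess), 8 (CreateRemoteThread)
# and 7 (ImageLoad); "t" is a simplified timestamp in seconds (assumption).
EVENTS = [
    {"id": 10, "t": 1, "SourceImage": SRC, "TargetProcessId": 4100, "GrantedAccess": "0x43a"},
    {"id": 8, "t": 2, "SourceImage": SRC, "TargetProcessId": 4100, "StartFunction": "LoadLibraryW"},
    {"id": 7, "t": 2, "ProcessId": 4100, "ImageLoaded": r"C:\test\inject.dll"},
    {"id": 10, "t": 9, "SourceImage": SRC, "TargetProcessId": 5200, "GrantedAccess": "0x43a"},
    {"id": 8, "t": 10, "SourceImage": SRC, "TargetProcessId": 5200, "StartFunction": "LoadLibraryW"},
    {"id": 8, "t": 11, "SourceImage": r"C:\test\other.exe", "TargetProcessId": 6000,
     "StartFunction": "WorkerMain"},
]

def correlate(events, window=5):
    """For each remote thread started at LoadLibrary*, report whether the source
    held the injection rights and whether an image load followed in the target."""
    findings = []
    for ev in events:
        if ev["id"] != 8 or ev.get("StartFunction") not in LOADERS:
            continue
        pid, t0, src = ev["TargetProcessId"], ev["t"], ev["SourceImage"]
        opened = any(
            e["id"] == 10 and e["SourceImage"] == src and e["TargetProcessId"] == pid
            and e["t"] <= t0 and (int(e["GrantedAccess"], 16) & INJECT_MASK) == INJECT_MASK
            for e in events)
        loaded = [e["ImageLoaded"] for e in events
                  if e["id"] == 7 and e["ProcessId"] == pid and t0 <= e["t"] <= t0 + window]
        findings.append({
            "source": src, "target_pid": pid, "inject_rights": opened, "images": loaded,
            "verdict": "dll loaded" if loaded else "remote thread ran, no image load"})
    return findings

if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f)
```

Sysmon does not log ImageLoad (event 7) by default, so the second verdict is only meaningful when that event type is enabled in the Sysmon configuration.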
Re: Problem with madexcept + dll injection
with enabled "link in madExcept code" - no dll in list.
Disabled option = dll in list, all is correct.
Re: Problem with madexcept + dll injection
Does this happen for all applications? Even Notepad or MS Paint?
Re: Problem with madexcept + dll injection
I will check it with a few different apps, and report.
That's not my PC, but the user's. I will make a small test app, and check it there.
Re: Problem with madexcept + dll injection
The reason I'm asking is that it will be difficult for me to do anything about this problem if I can't reproduce it on my own PC.
Re: Problem with madexcept + dll injection
> madshi wrote: The reason I'm asking is that it will be difficult for me to do anything about this problem if I can't reproduce it on my own PC.
Same for me. That's a good user, he gave me access by TV and confirmation for any exploration on his PC - but the main thing, which he can't provide for me, that's to connect by PA server by Delphi.
On my Win 7 all is OK, a user with Win 8 also reports normal injection.
Anyway, I will inform you about news.
Re: Problem with madexcept + dll injection
Just a wild guess: Is it possible that the security software (anti-virus, anti-whatever) on the end user's PC has a false positive on your dll when it's compiled with madExcept?
Anyway, if you find a way to reproduce the problem, please let me know.
Re: Problem with madexcept + dll injection
> madshi wrote: Just a wild guess: Is it possible that the security software (anti-virus, anti-whatever) on the end user's PC has a false positive on your dll when it's compiled with madExcept?
As I told before, we switched off all security stuff like antivirus, UAC, Defender and other.
Checked all Windows events - nothing.
> madshi wrote: Anyway, if you find a way to reproduce the problem, please let me know.
ofc.
Re: Problem with madexcept + dll injection
Ah sorry, missed that line about antivirus etc.
Re: Problem with madexcept + dll injection
ah, read again your last post
no, on my dev PC no antivirus installed, UAC disabled, only firewall working. Right now switch off it, nothing changed.
Re: Problem with madexcept + dll injection
madshi, hello again, I'm back.
Sorry for the long silence - was too far from internet.
So, about this bug.
https://cloud.mail.ru/public/9Fia/nqHqWx3h2 - binaries, for reproducing the bug in Win 10\Win 8.1 - start project2.exe and press the button.
https://cloud.mail.ru/public/Mrk4/4t4eHtZVd - sources: Injector (project2), dll for inject, target app (I can't use default apps, like Notepad - because in Win x64 they are also x64 and can't be injected by an x86 app).
If "link in madExcept Code" is switched off in the madExcept Options of Project2 - the DLL is injected correctly, and shows a message.
In Win7 all is OK in all cases.
If you need any info - ask.
Re: Problem with madexcept + dll injection
madshi
Do you accept this report?