InjectLibrary causes Error in WinMe

c++ / delphi package - dll injection and api hooking
Post Reply
wuf31
Posts: 5
Joined: Mon Oct 25, 2004 3:25 am

InjectLibrary causes Error in WinMe

Post by wuf31 »

Hi, i wonder if anybody else ever found this error?

Under Windows Me, InjectLibrary causes an error like this
Kernel32 has caused an error in unknown
Kernel32 will now close.

If you continue to experience problem
try restarting your computer
This happens not only with kernel32, but apparently with all running
process. After that I've to do a hardware reboot.

The code is like this

Code: Select all

InjectLibrary(fProcess.Handle.Handle, 'xxx.dll')
Replacing xxx.dll with empty.dll from madcodehook demos doesn't produce the errors, however. I suspect the call to HookAPI in the dll
is the culprit here, i also tried replacing xxx.dll with HookLoadLibrary.dll from demos, but the error persists.

Things seems to work great with 2000

Any clues?

PS: The 2000 and Me is on different machine.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Into which process(es) are you injecting the dll?

Which version of madCodeHook are you using? And which development system? Delphi? MSVC? Which version?
wuf31
Posts: 5
Joined: Mon Oct 25, 2004 3:25 am

Post by wuf31 »

I'm using madCollection 2.1.30, Delphi 6.02.

Development: 2004 SP4

I tried it on a newly created Notepad.exe process.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

So you can reproduce the problem by injecting "HookLoadLibrary.dll" into a newly created Notepad process in winME?
wuf31
Posts: 5
Joined: Mon Oct 25, 2004 3:25 am

Post by wuf31 »

Confirm.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Ok, thanks, will check it.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I've just checked it with my winME virtual machine. I've started Notepad. Then I've started my test program, which just injected "HookLoadLibrary.dll" into the running Notepad instance. No problems on my PC. The log file was created just fine, too.

How new is "newly created"? Did you wait until Notepad is up and running? Or did you call "NewProcess" and then without delay call InjectLibrary? I've tested the first case only.
wuf31
Posts: 5
Joined: Mon Oct 25, 2004 3:25 am

Post by wuf31 »

I reinstall the ME box from scratch and no error show up this time.
I'm really sorry for this inconvinience. It may be virus or some other app.

Thanks madshi, things are working fine now.

In case this matters, I don't wait till Notepad is up and running. The next line after NewProcess is InjectLibrary. This is ok, right?
In fact, how do you do proper waiting?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

No problem about your ME box. I mean such a situation can happen on an end user's PC, too! So even if your box was somehow in a bad shape, madCodeHook should not make it totally crash. Well, but I guess there's no way I can analyze what happened... :?

About waiting: Normally madCodeHook gets along just fine if you don't wait before doing InjectLibrary. However, if you want to be that extra 2% safe, then you should use madCodeHook's CreateProcessEx instead of NewProcess. By using CreateProcessEx you don't need to use InjectLibrary at all.
wuf31
Posts: 5
Joined: Mon Oct 25, 2004 3:25 am

Post by wuf31 »

So it's better use CreateProcessEx. Suggestion: Perhaps you could add an optional paramater in NewProcess for the inject dll stuff. This way, there's no need for si or pi.

Thanks for everything, madshi. I'll let you know should they pop up again.
Post Reply