Injection routine bug

EaSy
Posts: 150
Joined: Tue Oct 23, 2012 12:33 pm

Injection routine bug

Post by EaSy »

Hi,
your injection routine "CInjectLibFunc32" used in "InjectLibraryPatchNt32" is populated with "struct InjectLib32", yet it is expecting a very different data format.
More is in the screenshot taken from the crashed app. "Red" is the data format required by the routine and "green" is the actual data format. This bug was probably made because of fixing this: viewtopic.php?f=7&t=27487.
screenshot.png
I have one more request... Please keep your "delphi comments" above those injection routines updated, so I can debug it faster.

Thank you.
PP
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Injection routine bug

Post by madshi »

Ouch, this looks bad. Thanks for the heads-up. It's kinda weird that in my tests the changes seemed to have worked fine. Will have to investigate that.

What exactly do you mean by updating those "delphi comments"? I'm not sure.

Edit: I guess I never tested *user mode* patching of not-yet-initialized processes after doing the other fix you linked to. <sigh>
EaSy
Posts: 150
Joined: Tue Oct 23, 2012 12:33 pm

Re: Injection routine bug

Post by EaSy »

About delphi comments:
I take it back. I noticed later in the log that you have updated those comments. I was confused about the assembly in the screenshot, and it was the compiled "buf.pOldApi^ := buf.oldApi;" command.

Sorry.
PP
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Injection routine bug

Post by madshi »

Here's a new build which should hopefully fix the issue. I've now modified the structures to be identical in driver and user land, so I can use the same injection binary code for both:

http://madshi.net/madCollectionBeta.exe (2.7.4.15)

Please let me know if the fix works for you - thanks!
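
The bug in this thread is a parameter block filled in one layout and read in another, and the last post's fix makes the structures identical on both sides. The following is an added example, not part of the thread and not madCodeHook code, showing one way to enforce that agreement at build time and at run time; the struct `DemoInjectParams32`, every field other than the names `pOldApi` and `oldApi`, the offsets and the `cbSize` check are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical parameter block, NOT madCodeHook's InjectLib32. Only the names
   pOldApi and oldApi come from the thread; every other detail is constructed. */
#pragma pack(push, 1)
typedef struct {
    uint32_t cbSize;     /* producer writes sizeof(DemoInjectParams32) here  */
    uint32_t pOldApi;    /* 32-bit target address kept as an integer, so the */
                         /* layout is the same in a 32- or 64-bit build      */
    uint8_t  oldApi[8];  /* saved original bytes                             */
    uint32_t pLibName;   /* constructed field                                */
} DemoInjectParams32;
#pragma pack(pop)

/* Offsets the consuming routine is written against (constructed values). */
enum { OFF_CBSIZE = 0, OFF_POLDAPI = 4, OFF_OLDAPI = 8, OFF_PLIBNAME = 16,
       DEMO_BLOCK_SIZE = 20 };

/* The build breaks as soon as the struct and the consumer's offsets diverge. */
_Static_assert(offsetof(DemoInjectParams32, cbSize)   == OFF_CBSIZE,   "cbSize moved");
_Static_assert(offsetof(DemoInjectParams32, pOldApi)  == OFF_POLDAPI,  "pOldApi moved");
_Static_assert(offsetof(DemoInjectParams32, oldApi)   == OFF_OLDAPI,   "oldApi moved");
_Static_assert(offsetof(DemoInjectParams32, pLibName) == OFF_PLIBNAME, "pLibName moved");
_Static_assert(sizeof(DemoInjectParams32) == DEMO_BLOCK_SIZE, "block size changed");

/* Producer side: fill a block in the current layout. */
void demo_fill(DemoInjectParams32 *p, uint32_t old_api_addr, uint32_t name_addr)
{
    memset(p, 0, sizeof *p);
    p->cbSize   = (uint32_t)sizeof *p;
    p->pOldApi  = old_api_addr;
    p->pLibName = name_addr;
}

/* Consumer side: accept a raw buffer only if it declares the expected layout.
   Returns 1 when compatible, 0 otherwise (NULL, too short, or other layout). */
int demo_block_is_compatible(const void *buf, size_t len)
{
    uint32_t declared;
    if (buf == NULL || len < (size_t)DEMO_BLOCK_SIZE)
        return 0;
    memcpy(&declared, (const uint8_t *)buf + OFF_CBSIZE, sizeof declared);
    return declared == (uint32_t)DEMO_BLOCK_SIZE;
}
```

Storing target addresses as `uint32_t` rather than native pointers is what lets a 64-bit host build and a 32-bit consumer agree on the same 20-byte block.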