Some messages through IPC callback are modified

c++ / delphi package - dll injection and api hooking
lovenamu
Posts: 24
Joined: Thu Dec 02, 2010 8:21 am

Some messages through IPC callback are modified

Post by lovenamu »

Hello.
I use the IPC function to communicate between two processes.
Some string messages through the IPC callback function of madCodeHook are modified.

For example,
the string content of the sender's message:
"http://ko.wikipedia.org/wiki/%EC%B9%B4% ... C%EC%84%B1"

is modified through IPC communication, so the receiver gets the modified message below:
"http://ko.wikipedia.org/wiki/1.618954E- ... 3E+061C%B1"

%EC%B9%B4%EB%93
==> 1.618954E-319CB9B49.881313E-323B

Other string contents are not modified.

My code is as below:

1.receiver's code:

Code:

static void WINAPI IPCRequestCallback(LPCSTR  pIpc,
        PVOID   pMessageBuf,
        DWORD   dwMessageLen,
        PVOID   pAnswerBuf,
        DWORD   dwAnswerLen)
{
        if(!pMessageBuf || dwMessageLen == 0)
        {
               sprintf((CHAR*)pAnswerBuf, "IPCRequestCallback message empty.");
               return;
        }
        else
        {
               // if the message is a wide string and dwMessageLen is a byte
               // count, it has to be converted to a character count first
               CString strCommand;
               strCommand.SetString((TCHAR*)pMessageBuf, dwMessageLen);

               CString strResult;
               ProcessCommand(strCommand, strResult);

               if(pAnswerBuf && dwAnswerLen > 0)
               {
                       // leave one character for the terminating NUL
                       if((DWORD)strResult.GetLength() > dwAnswerLen - 1)
                               strResult = strResult.Left(dwAnswerLen - 1);

                       // strResult is passed as the *format* argument, so any '%'
                       // in it (e.g. "%EC%B9") is parsed as a conversion; this is
                       // the cause identified later in the thread
                       sprintf((TCHAR*)pAnswerBuf, strResult);
               }
        }
}

2. sender's code

Code:

BOOL CMailManager::SendMessageToScanWorker(CString strScanWorkerId, LPTSTR szCommand, UINT nCommandLength, LPTSTR szResponseBuffer, UINT nResponseBufferLength, UINT nTimeout)
{
        //theApp.m_EventLog.FileLogWrite(90, _T("%s begin - scan workerid: %s, command: %s"), __TFUNCTION__, strScanWorkerId, szCommand);
        //CHNIXLock lock(m_csCommToScanWorker);

        BOOL bResult = SendIpcMessage(strScanWorkerId,
                            szCommand, nCommandLength,
                            szResponseBuffer, nResponseBufferLength,
                            nTimeout, TRUE
                            );

        //theApp.m_EventLog.FileLogWrite(90, _T("%s end - result: %s, response: %s"), __TFUNCTION__, (bResult) ? _T("TRUE") : _T("FALSE"), szResponseBuffer);

        return bResult;
}
Is there any problem in my code?

Thanks in advance.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Some messages through IPC callback are modified

Post by madshi »

I don't see how/where you log the received string.

The madCodeHook IPC functions treat your data as binary data. There's no interpretation or modification going on in madCodeHook's code. I guess it is theoretically possible that the internal win32 native APIs I'm using for transport are modifying the data behind my back, but I find it highly unlikely because these native APIs also treat the data as binary data. My best guess is that some part of your code does the modifications, but I'm only guessing here.

One problem is that you're using LPTSTR, but SendIpcMessage uses simply PVOID. Are you transporting an Ansi or Wide string? If it's a Wide string, is nCommandLength set to the *byte* or *char* count of szCommand? I would suggest using native APIs (CreateFile + WriteFile + CloseHandle) in IPCRequestCallback() to log the real binary data that arrives through pMessageBuf. If that data is correct/untouched, then it must be some of your code which is causing the problem. If the log already contains damaged data, then add native APIs (CreateFile + ...) directly before your SendIpcMessage() to make sure the data is really still correct before you pass it on to SendIpcMessage(). If after these tests you can confirm that the bug must be somewhere in madCodeHook, then it would be great if you could provide me with a short and simple test project with which I could reproduce the problem. Thanks!
lovenamu
Posts: 24
Joined: Thu Dec 02, 2010 8:21 am

Re: Some messages through IPC callback are modified

Post by lovenamu »

I think that my coding mistake is the cause of this problem.
The function 'sprintf()' produces the formatted result below.

%EC%B9%B4%EB%93
==> 1.618954E-319CB9B49.881313E-323B

I'd greatly appreciate your help!!
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Some messages through IPC callback are modified

Post by madshi »

Well, you can use e.g. strcpy_s to copy the string instead of sprintf.
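As an added example (not code from this thread or from madCodeHook), the C++ below shows why percent-encoded text gets mangled when a message is handed to sprintf as its format argument, and the bounded, literal-format copy that madshi's strcpy_s suggestion amounts to. It uses snprintf so it builds outside MSVC, and the sample URL is a constructed value modelled on the one in the first post.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Constructed sample (assumption): a percent-encoded URL tail like the thread's.
static const char kSample[] = "http://ko.wikipedia.org/wiki/%EC%B9%B4%EB%93";

// Collects the character following every '%' that printf would treat as the
// start of a conversion specification ("%%" is a literal percent and is skipped).
// For kSample this yields "EBBE9": each "%E" makes printf consume a double from
// the (non-existent) argument list, which is where "1.618954E-319" came from.
std::string formatDirectiveStarts(const std::string& text) {
    std::string starts;
    for (size_t i = 0; i < text.size(); ++i) {
        if (text[i] != '%') continue;
        if (i + 1 >= text.size()) break;           // lone trailing '%'
        if (text[i + 1] == '%') { ++i; continue; } // "%%" -> literal '%'
        starts += text[i + 1];
    }
    return starts;
}

// Hardened replacement for `sprintf(pAnswerBuf, strResult)`: the format is a
// fixed literal, the buffer size is explicit, and the output is always
// NUL-terminated. Returns the number of characters stored (excluding the NUL).
size_t fillAnswer(char* answerBuf, size_t answerLen, const std::string& result) {
    if (!answerBuf || answerLen == 0) return 0;
    // "%s" means result is data, never a format; snprintf truncates and terminates.
    int wanted = std::snprintf(answerBuf, answerLen, "%s", result.c_str());
    if (wanted < 0) { answerBuf[0] = '\0'; return 0; }
    size_t stored = static_cast<size_t>(wanted);
    return stored < answerLen ? stored : answerLen - 1;
}

// Mirrors the receiver callback's answer path with a fixed-size reply buffer:
// what the sender would read back for a given message and buffer length.
std::string roundTrip(const std::string& message, size_t answerLen) {
    std::vector<char> answer(answerLen, '\0');
    fillAnswer(answer.data(), answer.size(), message);
    return std::string(answer.data());  // stops at the guaranteed NUL
}
```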