Access Violation in LpcWorkerThread

c++ / delphi package - dll injection and api hooking
ira
Posts: 49
Joined: Mon Dec 14, 2009 6:29 am

Access Violation in LpcWorkerThread

Post by ira »

Sorry, but I have no idea why this can happen or how to prevent the bug.


madExcept version : 4.0.6
callstack crc     : $a8b2e170, $78a36543, $78a36543
exception number  : 1
exception class   : EAccessViolation
exception message : Access violation at address 007A0CF0 in module 'Program.exe'. Read of address 0008D8C2.

thread $f50:
007a0cf0 +034 Program.exe    madCodeHook LpcWorkerThread
004cbc51 +00d Program.exe    madExcept   CallThreadProcSafe
004cbcbb +037 Program.exe    madExcept   ThreadExceptFrame
75f61192 +010 kernel32.dll             BaseThreadInitThunk
>> created by thread $a60 at:
007a0eeb +173 Program.exe    madCodeHook LpcDispatchThread

main thread ($7c8):
769093f1 +00a USER32.dll                     WaitMessage
005b68c9 +149 Program.exe    Vcl.Forms         TApplication.Idle
005b5ae3 +017 Program.exe    Vcl.Forms         TApplication.HandleMessage
005b5e15 +0c9 Program.exe    Vcl.Forms         TApplication.Run
0087042d +1a9 Program.exe    Program     151 +54 initialization
75f61192 +010 kernel32.dll                   BaseThreadInitThunk

disassembling:
007a0cbc public madCodeHook.LpcWorkerThread (Program.exe):  ; function entry point
007a0cbc   push    ebp
007a0cbd   mov     ebp, esp
007a0cbf   add     esp, -8
007a0cc2   push    ebx
007a0cc3   push    esi
007a0cc4   push    edi
007a0cc5   mov     ebx, [ebp+8]
007a0cc8   xor     eax, eax
007a0cca   mov     [ebp-4], eax
007a0cc8
007a0ccd loc_7a0ccd:
007a0ccd   push    $ffffffff
007a0ccf   mov     eax, [ebx+8]
007a0cd2   push    eax
007a0cd3   call    -$38f4b8 ($411820)     ; Winapi.Windows.WaitForSingleObject (Program.exe)
007a0cd3
007a0cd8   test    eax, eax
007a0cda   jnz     loc_7a0d6a
007a0cda
007a0ce0   cmp     dword ptr [ebx+$c], 0
007a0ce4   jz      loc_7a0d6a
007a0ce4
007a0cea   mov     eax, [ebx+$c]
007a0ced   mov     esi, [ebx+$c]
007a0cf0 > add     eax, [esi+$20]
007a0cf3   mov     edi, eax
007a0cf5   mov     eax, [esi+$14]
007a0cf8   push    eax
007a0cf9   mov     eax, [esi+$10]
007a0cfc   push    eax
007a0cfd   mov     eax, [edi+4]
007a0d00   push    eax
007a0d01   lea     eax, [edi+$14]
007a0d04   push    eax
007a0d05   mov     eax, [esi+4]

madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Access Violation in LpcWorkerThread

Post by madshi »

It shouldn't happen. Could be a bug in madCodeHook. Or it could be that your process was in such a bad state that the crash in madCodeHook was a follow-up crash of something else going very wrong.

Is this a one-time-only crash? Or do you have lots of crash reports like that? Or can you even reproduce it?
ira
Posts: 49
Joined: Mon Dec 14, 2009 6:29 am

Re: Access Violation in LpcWorkerThread

Post by ira »

Bad state? Can you give me an example of bad state?

I only receive this bug from my customers. I can't reproduce the crash.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Access Violation in LpcWorkerThread

Post by madshi »

How often do you receive this from your customers?

A bad state would be if e.g. some part of your code has overwritten some random memory areas with random data. This can happen e.g. if you write over the bounds of a dynamic array or dynamic string. If random memory is damaged, this can result in all sorts of weird crashes, sometimes minutes or hours afterwards...

However, if you get this bug report relatively often from your customers with identical callstacks, that would point more to a bug directly related to the crash than to a bad process state.
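The "bad state" madshi describes, as an added illustration that is not madCodeHook code and not part of the original thread: an unchecked write past the end of a fixed-size field silently overwrites a pointer stored right behind it, and nothing goes wrong until some other code (here standing in for the worker thread) later trusts that pointer. That matches the shape of the posted report, where the faulting instruction `add eax, [esi+$20]` reads address 0008D8C2, so the pointer loaded from the context block ([ebx+$c]) was 0008D8A2, a value that does not look like a valid heap address. The byte arena, the record layout and the `Message` type below are assumptions made for the demonstration; the input string is constructed.

```c
/* Added example (not madCodeHook code): an out-of-bounds write clobbers a
 * neighbouring pointer; the crash only shows up later, wherever that pointer
 * is next dereferenced. "Process memory" is a constructed byte arena so the
 * layout is deterministic and nothing here is undefined behaviour. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define ARENA_SIZE  64
#define NAME_CAP    16          /* capacity of the name field (assumed layout) */
#define NAME_OFF    0           /* name[NAME_CAP] sits at the start of the record */
#define MSG_PTR_OFF NAME_CAP    /* the pointer field lives directly after it */

typedef struct {                /* hypothetical message the worker consumes */
    uint32_t id;
    uint32_t len;
} Message;

/* Simulated heap record: 16-byte name followed by a pointer to a Message. */
static unsigned char arena[ARENA_SIZE];

static void store_msg_ptr(const Message *m) {
    uintptr_t v = (uintptr_t)m;
    memcpy(arena + MSG_PTR_OFF, &v, sizeof v);
}

static const Message *load_msg_ptr(void) {
    uintptr_t v;
    memcpy(&v, arena + MSG_PTR_OFF, sizeof v);
    return (const Message *)v;          /* never dereferenced here */
}

/* Buggy writer: trusts the caller's length, like writing past the bounds of a
 * dynamic array or string. Returns the number of bytes written. */
size_t set_name_unchecked(const char *src, size_t n) {
    memcpy(arena + NAME_OFF, src, n);   /* n > NAME_CAP runs into the pointer */
    return n;
}

/* Fixed writer: clamps the copy to the field's capacity. */
size_t set_name_checked(const char *src, size_t n) {
    if (n > NAME_CAP) n = NAME_CAP;
    memcpy(arena + NAME_OFF, src, n);
    return n;
}

/* Stands in for the later consumer (the worker thread): it trusts the stored
 * pointer. Returns 1 if it still points at the original message, 0 if it was
 * clobbered; in a real process, dereferencing it is the access violation. */
int pointer_intact(const Message *expected) {
    return load_msg_ptr() == expected;
}

/* One scenario: fresh record, write the name, report whether the pointer
 * survived. use_checked selects the buggy (0) or fixed (1) writer. */
int scenario(int use_checked, const char *src, size_t n) {
    static Message msg = { 0x1234, 0 };
    memset(arena, 0, sizeof arena);
    store_msg_ptr(&msg);
    if (use_checked) set_name_checked(src, n);
    else             set_name_unchecked(src, n);
    return pointer_intact(&msg);
}

int main(void) {
    /* Constructed input: 24 bytes, 8 longer than the 16-byte field. */
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAA";
    printf("unchecked writer: pointer intact = %d\n", scenario(0, input, 24));
    printf("checked writer:   pointer intact = %d\n", scenario(1, input, 24));
    return 0;
}
```

The corrupting write and the crash are in different functions, and in a real program can be in different threads and minutes apart, which is why a crash report like the one above rarely names the culprit. When the same callstack keeps coming back from customers, running the application under madExcept's or the compiler's range-checking and a heap-checking tool before shipping is the practical way to find the write rather than the read.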