Chrome freezes after being hooked.

chaos072
Posts: 21
Joined: Wed Mar 20, 2013 2:22 am

Chrome freezes after being hooked.

Post by chaos072 »

I found a very weird problem.

Chrome web browser freezes after being hooked.

Here's the source code for DLL:

#define WIN32_LEAN_AND_MEAN

// WinSock2.h goes before Windows.h so the old winsock.h is never pulled in;
// WIN32_LEAN_AND_MEAN above keeps it out as well.
#include <WinSock2.h>
#include <Windows.h>
#include "madCHook.h"

// Trampoline to the original closesocket(); filled in by HookAPI().
static int (WINAPI *CloseSocketNext)(SOCKET s) = NULL;

// Hook callback: log the call, then pass it through to the original API.
static int WINAPI OnCloseSocketCalled1(SOCKET s) {
    OutputDebugStringW(L"closesocket()");   // explicit W variant for the wide literal

    return CloseSocketNext(s);
}

static void OnProcessAttach() {
    InitializeMadCHook();

    if (!HookAPI("ws2_32.dll", "closesocket", OnCloseSocketCalled1, (PVOID *)&CloseSocketNext)) {
        OutputDebugStringW(L"Hook failed.");
    }
}

static void OnProcessDetach() {
    FinalizeMadCHook();
}

BOOL WINAPI DllMain(HINSTANCE /*hModule*/, DWORD fdwReason, LPVOID /*lpReserved*/) {
    if (fdwReason == DLL_PROCESS_ATTACH) {
        OnProcessAttach();
    } else if (fdwReason == DLL_PROCESS_DETACH) {
        OnProcessDetach();
    }

    return TRUE;
}

And my environment is:
Windows 8 x64, quad-core AMD CPU, 8 GB of RAM, Visual Studio 2010 SP1, the latest version of Chrome and the latest version of madCodeHook.
And the hook DLL is statically linked to the multi-threaded CRT.

Reproducing the bug is very strange and difficult.
After injecting the DLL into the Chrome process, open some sophisticated web site like amazon.com, and press the F5 key to refresh the page many times (about 30~50 times or more).

Chrome freezes like the attached screenshot.

It takes some time to reproduce the bug, but the bug certainly does exist. If you couldn't reproduce the bug quickly, try changing Chrome's language setting to a language other than English. It could help, but I'm not sure.

And for your information, just injecting the hook DLL into the Chrome process without hooking any API does not cause the bug. To reproduce the bug, at least one API must be hooked.
Attachments: FrozenChrome.jpg
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Chrome freezes after being hooked.

Post by madshi »

Does the problem also occur if you remove the DebugOutputString() call? That one has been reported to cause weird problems sometimes in the past.

Please also check the madCodeHook demos to check whether you can reproduce the problem with those, too. E.g. try this one:

http://madshi.net/PrintMonitor.zip
chaos072
Posts: 21
Joined: Wed Mar 20, 2013 2:22 am

Re: Chrome freezes after being hooked.

Post by chaos072 »

1. The problem also occurs when the DebugOutputString() lines are removed.

2. I have reproduced the problem with your PrintMonitor demo. See the attached screenshot.
Attachments: FrozenChrome2.jpg (Frozen Chrome by PrintMonitor demo)
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Chrome freezes after being hooked.

Post by madshi »

Hi there,

and sorry for the very late reply... :oops:

I've tried to reproduce this problem, and sometimes I can, and sometimes I can't, even after > 100 tries. It's very frustrating.

Some things I did find out: Even if I don't actually overwrite the hooked API, the problem still occurs. So it's not the patching of the hooked API or the callback function or anything related to that which causes the problem. Also it doesn't matter which API I hook. Any of the hooks produces the same problem.

Right now, what I could find out in 2 days of very painful debugging is that it seems to be related to the memory madCodeHook allocates and/or some named memory mapped files. From what I can say, this does not appear to be a bug in madCodeHook, but some kind of problem with the Chrome sandbox. With the hook dll I tested with, madCodeHook doesn't actually do much, it just allocates some memory and some named objects and then sits idle. Still the problem occurs sometimes, without any madCodeHook code being executed at the time when the problem occurs, from what I can say...

I've installed the Chrome developer version and turned the sandbox off, so that I can do some debugging, but with the sandbox turned off, the problem doesn't seem to occur. So I'm really lost right now. I can't properly debug the problem with the sandbox activated. And with the sandbox deactivated, the problem doesn't occur. Right now I have no idea what else to do. Unless you can find a way to reproduce this problem more reliably? Then I might be able to find out more details about what's going on. But even then I think the likely conclusion will be that the Chrome sandbox has some sort of problem, and it's probably not madCodeHook's fault...