Chrome.exe crash on W8

c++ / delphi package - dll injection and api hooking
EaSy
Posts: 150
Joined: Tue Oct 23, 2012 12:33 pm

Chrome.exe crash on W8

Post by EaSy »

Hello,
We are experiencing Chrome app crashes on W8. This happens only in the case of manual uninjecting during deinitialization of our services while Chrome is running.
I was able to analyze this problem and it looks like MCH fails to unhook some of the hooked functions. Once Chrome tries to call them, it crashes, because the DLL is already unloaded.

The problem is in the function FindFileMappingHandle (ObjectTools.cpp). It is enumerating all handles within the Chrome process, but NtQueryObject sometimes causes exception 0xC0000008 (An invalid handle was specified.) or even 0xC0000005. And it skips unhooking.

A quick fix to your code
from

...
if ( (SUCCEEDED(pfnNtQueryObject((HANDLE) (i1 * 4), 2, buf, 2048, NULL))) && (buf[1]) &&
	   (!_wcsicmp((LPWSTR) buf[1], L"Section")) &&
	   (SUCCEEDED(pfnNtQueryObject((HANDLE) (i1 * 4), 1, buf, 2048, NULL))) && (buf[1])) {
...
to

...
BOOL res = FALSE;
__try
{
	res = (SUCCEEDED(pfnNtQueryObject((HANDLE) (i1 * 4), 2, buf, 2048, NULL))) && (buf[1]) &&
	   (!_wcsicmp((LPWSTR) buf[1], L"Section")) &&
	   (SUCCEEDED(pfnNtQueryObject((HANDLE) (i1 * 4), 1, buf, 2048, NULL))) && (buf[1]);
}
__except (ExceptionFilter(L"NtQueryObject", GetExceptionInformation()))
{
	res = FALSE;
}

if ( res ) {
...
seems to work.

What do you think?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Chrome.exe crash on W8

Post by madshi »

Looks good to me, thanks for analyzing this problem, I appreciate that! :D

Just to be safe: Wouldn't "__except (1)" work the same way? That's what I'm usually using if I just want to "ignore" an exception.
EaSy
Posts: 150
Joined: Tue Oct 23, 2012 12:33 pm

Re: Chrome.exe crash on W8

Post by EaSy »

Sure,
you can use 1. I just copy&pasted it from somewhere else in your code.

Will you make a new build?

Thx,
PP
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Chrome.exe crash on W8

Post by madshi »

Can make a new build, but probably not today.
EaSy
Posts: 150
Joined: Tue Oct 23, 2012 12:33 pm

Re: Chrome.exe crash on W8

Post by EaSy »

OK,
I will wait.
EaSy
Posts: 150
Joined: Tue Oct 23, 2012 12:33 pm

Re: Chrome.exe crash on W8

Post by EaSy »

Hi,
I am still waiting.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Chrome.exe crash on W8

Post by madshi »

Sorry for taking so long, so there's the new build:

http://madshi.net/madCollectionBeta.exe (2.7.7.5)

Don't worry about that "Beta" in the file name. It just means that this is not an officially announced version. Other than that there's nothing "Beta" (in the sense of "unstable") about this build. It's identical to the official build with just your bugfix in it (and another bugfix in madExcept, but that should be of no consequence to you).