A rare deadlock when uninjecting a DLL
Posted: Mon Jun 09, 2014 5:27 am
system : Windows Version 7601 (Service Pack 1) MP (4 procs) Free x64
The call stack looks like this:
0045e348 76f43bd5 ntdll_77450000!NtDelayExecution+0x15
0045e3b0 76f444a5 KERNELBASE!SleepEx+0x65
0045e3c0 6b86f3bb KERNELBASE!Sleep+0xf
0045e950 6b8707df xxxxxxxx!CCodeHook::~CCodeHook+0x4ab
0045e95c 6b86513b xxxxxxxx!CCodeHook::`scalar deleting destructor'+0xf
0045e9bc 6b865ae3 xxxxxxxx!VirtualAlloc2+0x54b
0045e9d0 6b865158 xxxxxxxx!UnhookLoadLibrary+0x43
0045ea30 6b864750 xxxxxxxx!VirtualAlloc2+0x568
0045ea44 6b8613e3 xxxxxxxx!UnhookAPI+0x10
0045ea4c 6b8618f4 xxxxxxxx!chrome1::unhook(void)+0x13
0045f2a4 6b87af90 xxxxxxxx!DllMain(struct HINSTANCE__ * hModule = 0x00000000`6b860000, unsigned long ul_reason_for_call = 0, void * lpReserved = 0x00000000`00000001)+0x304
0045f2e4 6b87af17 xxxxxxxx!__DllMainCRTStartup(void * hDllHandle = 0x00000000`6b860000, unsigned long dwReason = 0, void * lpreserved = 0x00000000`00000001)+0x72
0045f2f8 774899a0 xxxxxxxx!_DllMainCRTStartup(void * hDllHandle = 0x00000000`6b860000, unsigned long dwReason = 0, void * lpreserved = 0x00000000`00000001)+0x1c
0045f318 7749d702 ntdll_77450000!LdrpCallInitRoutine+0x14
0045f3bc 7749d5a4 ntdll_77450000!LdrShutdownProcess+0x1aa
0045f3d0 766379ec ntdll_77450000!RtlExitUserProcess+0x74
0045f3e4 10001370 kernel32!ExitProcessStub+0x12
WARNING: Stack unwind information not available. Following frames may be wrong.
0045f4d4 7747f201 wtsapi32!WTSCloseServer
0045f66c 7748bb59 ntdll_77450000!RtlDosApplyFileIsolationRedirection_Ustr+0x31e
0045f70c 77483ca4 ntdll_77450000!RtlQueryInformationActivationContext+0x3f2
My code looks like this, and it runs in DllMain: hook in DLL_PROCESS_ATTACH and unhook in DLL_PROCESS_DETACH.
/// Installs the SHFileOperationW hook (shell32.dll) through madCodeHook.
///
/// Per the author, this is called from DllMain on DLL_PROCESS_ATTACH.
///
/// @return Always 0. The result of HookAPI is not inspected.
int chrome1::hook()
{
    // Library start-up; presumably required before any HookAPI call —
    // confirm against the madCodeHook documentation.
    InitializeMadCHook();

    // HookAPI receives the address of the "next hook" slot so that it can
    // store the pointer used to reach the original SHFileOperationW.
    PVOID& nextHookSlot = (PVOID&)pSHFileOperationW;
    // NOTE(review): the return value is discarded, so a failed install is
    // indistinguishable from success for the caller.
    HookAPI("shell32.dll",
            "SHFileOperationW",
            mySHFileOperationW,
            &nextHookSlot);

    return 0;
}
/// Removes the SHFileOperationW hook and shuts madCodeHook down.
///
/// Per the author, this is called from DllMain on DLL_PROCESS_DETACH.
///
/// Reported hang: when DllMain is entered with lpReserved != NULL below
/// LdrShutdownProcess (process exit), UnhookAPI ends up in ~CCodeHook,
/// which sits in Sleep.
/// NOTE(review): at process exit the other threads have already been
/// terminated, so whatever the destructor waits for may never be released
/// (presumably a "hook still in use" state — confirm against madCodeHook).
/// Microsoft's DllMain guidance is to skip cleanup when lpReserved is
/// non-NULL and let the OS reclaim resources; the DLL_PROCESS_DETACH
/// handler should call unhook() only for a dynamic unload
/// (lpReserved == NULL).
///
/// @return Always 0.
int chrome1::unhook()
{
    // Only unhook when the "next hook" slot holds a non-null pointer.
    if (pSHFileOperationW)
    {
        PVOID& nextHookSlot = (PVOID&)pSHFileOperationW;
        UnhookAPI(&nextHookSlot);
    }

    // Library shutdown runs whether or not a hook was removed.
    FinalizeMadCHook();

    return 0;
}
When it happens, Chrome does not work any more, even when a new process is created.
Maybe a crash in LoadLibrary is the reason?
The call stack looks like this:
0045e348 76f43bd5 ntdll_77450000!NtDelayExecution+0x15
0045e3b0 76f444a5 KERNELBASE!SleepEx+0x65
0045e3c0 6b86f3bb KERNELBASE!Sleep+0xf
0045e950 6b8707df xxxxxxxx!CCodeHook::~CCodeHook+0x4ab
0045e95c 6b86513b xxxxxxxx!CCodeHook::`scalar deleting destructor'+0xf
0045e9bc 6b865ae3 xxxxxxxx!VirtualAlloc2+0x54b
0045e9d0 6b865158 xxxxxxxx!UnhookLoadLibrary+0x43
0045ea30 6b864750 xxxxxxxx!VirtualAlloc2+0x568
0045ea44 6b8613e3 xxxxxxxx!UnhookAPI+0x10
0045ea4c 6b8618f4 xxxxxxxx!chrome1::unhook(void)+0x13
0045f2a4 6b87af90 xxxxxxxx!DllMain(struct HINSTANCE__ * hModule = 0x00000000`6b860000, unsigned long ul_reason_for_call = 0, void * lpReserved = 0x00000000`00000001)+0x304
0045f2e4 6b87af17 xxxxxxxx!__DllMainCRTStartup(void * hDllHandle = 0x00000000`6b860000, unsigned long dwReason = 0, void * lpreserved = 0x00000000`00000001)+0x72
0045f2f8 774899a0 xxxxxxxx!_DllMainCRTStartup(void * hDllHandle = 0x00000000`6b860000, unsigned long dwReason = 0, void * lpreserved = 0x00000000`00000001)+0x1c
0045f318 7749d702 ntdll_77450000!LdrpCallInitRoutine+0x14
0045f3bc 7749d5a4 ntdll_77450000!LdrShutdownProcess+0x1aa
0045f3d0 766379ec ntdll_77450000!RtlExitUserProcess+0x74
0045f3e4 10001370 kernel32!ExitProcessStub+0x12
WARNING: Stack unwind information not available. Following frames may be wrong.
0045f4d4 7747f201 wtsapi32!WTSCloseServer
0045f66c 7748bb59 ntdll_77450000!RtlDosApplyFileIsolationRedirection_Ustr+0x31e
0045f70c 77483ca4 ntdll_77450000!RtlQueryInformationActivationContext+0x3f2
My code looks like this, and it runs in DllMain: hook in DLL_PROCESS_ATTACH and unhook in DLL_PROCESS_DETACH.
/// Installs the SHFileOperationW hook (shell32.dll) through madCodeHook.
///
/// Per the author, this is called from DllMain on DLL_PROCESS_ATTACH.
///
/// @return Always 0. The result of HookAPI is not inspected.
int chrome1::hook()
{
    // Library start-up; presumably required before any HookAPI call —
    // confirm against the madCodeHook documentation.
    InitializeMadCHook();

    // HookAPI receives the address of the "next hook" slot so that it can
    // store the pointer used to reach the original SHFileOperationW.
    PVOID& nextHookSlot = (PVOID&)pSHFileOperationW;
    // NOTE(review): the return value is discarded, so a failed install is
    // indistinguishable from success for the caller.
    HookAPI("shell32.dll",
            "SHFileOperationW",
            mySHFileOperationW,
            &nextHookSlot);

    return 0;
}
/// Removes the SHFileOperationW hook and shuts madCodeHook down.
///
/// Per the author, this is called from DllMain on DLL_PROCESS_DETACH.
///
/// Reported hang: when DllMain is entered with lpReserved != NULL below
/// LdrShutdownProcess (process exit), UnhookAPI ends up in ~CCodeHook,
/// which sits in Sleep.
/// NOTE(review): at process exit the other threads have already been
/// terminated, so whatever the destructor waits for may never be released
/// (presumably a "hook still in use" state — confirm against madCodeHook).
/// Microsoft's DllMain guidance is to skip cleanup when lpReserved is
/// non-NULL and let the OS reclaim resources; the DLL_PROCESS_DETACH
/// handler should call unhook() only for a dynamic unload
/// (lpReserved == NULL).
///
/// @return Always 0.
int chrome1::unhook()
{
    // Only unhook when the "next hook" slot holds a non-null pointer.
    if (pSHFileOperationW)
    {
        PVOID& nextHookSlot = (PVOID&)pSHFileOperationW;
        UnhookAPI(&nextHookSlot);
    }

    // Library shutdown runs whether or not a hook was removed.
    FinalizeMadCHook();

    return 0;
}
When it happens, Chrome does not work any more, even when a new process is created.
Maybe a crash in LoadLibrary is the reason?