UnHookCode causes access violation

c++ / delphi package - dll injection and api hooking

UnHookCode causes access violation

Postby TCS » Tue Mar 29, 2016 9:37 am

Hey,

This is somewhat continuation of "Unhooking on process destroy and manual uninject issues" thread.

In the PROCESS_DETACH I am unhooking all the hooks using UnHookCode().
In case the hooks have been unhooked before PROCESS_DETACH the UnHookCode() function simply fails.

The problem is that in a reproducable scenario unhook of CoCreateInstance causes access violation. The call stack is the following:
ntdll.dll!000000007789afba() Unknown
KernelBase.dll!000007fefd6d1592() Unknown
my_dll.dll!CCodeHook::~CCodeHook(void) C++
my_dll.dll!CCodeHook::`vector deleting destructor'(unsigned int) C++
my_dll.dll!AutoUnhookUninject(struct HINSTANCE__ *) C++
my_dll.dll!UnhookCode() C++

p.s.
IsHookInUse() returns 0.
TCS
 
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Postby madshi » Tue Mar 29, 2016 9:42 am

Does this still happen with madCodeHook 3.1.11? If so, is there a way for me to reproduce the problem somehow? Or can you somehow find out which source code line in the destructor produces that crash?
madshi
Site Admin
 
Posts: 9199
Joined: Sun Mar 21, 2004 5:25 pm

Re: UnHookCode causes access violation

Postby TCS » Tue Mar 29, 2016 10:47 am

1. I do use the latest version. btw, is there a way to verify what is the installed version?

2. I did not succeed in reproducing it on a small scale demo, and I don't have the source code. I can try and produce a dump if you like.
TCS
 
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Postby madshi » Tue Mar 29, 2016 12:19 pm

What happens if you compile a debug version? Maybe the stack trace then contains line numbers or something?
madshi
Site Admin
 
Posts: 9199
Joined: Sun Mar 21, 2004 5:25 pm

Re: UnHookCode causes access violation

Postby TCS » Wed Mar 30, 2016 6:42 am

no...
TCS
 
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Postby madshi » Wed Mar 30, 2016 6:51 am

Oh well. Please send me a crash dump then. If possible, please use the debug version of your hook dll, and please include the PDB also. Thanks!
madshi
Site Admin
 
Posts: 9199
Joined: Sun Mar 21, 2004 5:25 pm

Re: UnHookCode causes access violation

Postby TCS » Wed Mar 30, 2016 3:08 pm

Sending by mail...
TCS
 
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Postby TCS » Wed Mar 30, 2016 8:27 pm

Also, I've use an IPC mechanism I have to try and unhook before the dll main (before uninjecting the libraries) and it still crashes.
TCS
 
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 3 guests