Ipc queue not sending back an answer


Post by franktrap » Wed Oct 19, 2016 2:03 pm

We've recently upgraded to madCodeHook 4.0, and have run into some issues relating to the ipc queue. When injecting system-wide, we're usually not getting an answer back to the injected dll.
The queue does get established, and some processes are able to get an answer back, but not all.
This was not the case when we were using the previous madCodeHook 3.0.x and I'm wondering whether it could be a bug in the new madCodeHook 4.0 or something on our end. Here's a sample of the code:

Callback (in the core executable responsible for injection):
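int local_log_level = 0;
// IPC callback: answers every request with the current log level.
void WINAPI CoreToDllHandler(LPCSTR,
   LPCVOID pMessageBuf, DWORD size,
   LPVOID pAnswerBuf, DWORD answerLen, LPVOID pContext)
{
   printf("Entered dll handler callback\n");
   // Only write the answer if the sender supplied a buffer large enough for an int.
   if (pAnswerBuf == nullptr || answerLen < sizeof(int))
      return;
   int *log_level = static_cast<int*>(pAnswerBuf);
   *log_level = local_log_level;
}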


Queue creation (in the executable responsible for injection):
bool CoreToDllQueue()
{
   if (!CreateIpcQueue(WORKING_DIR_COMM, CoreToDllHandler)) {
      LOG_ERROR("Could not create IPC messaging queue from Core to Dll!");
      return false;
   }
   LOG_DEBUG("Core to Dll message IPC Queue established.");
   return true;
}


Attempting to send a message (from the injected dll to the core executable):
int log_level = 0;
// Empty request (no message buffer, length 0); wait up to 7000 ms for the int answer.
SendIpcMessage(WORKING_DIR_COMM, nullptr, 0,
      &log_level, sizeof(int), 7000, 1);


Additionally, we've been unable to get RegisterUninjectCallback to build in 64 bit (32 bit compiles) mode:
Error: error LNK2001: unresolved external symbol RegisterUninjectCallback
We're linking with madchook64mt.lib with /MT Runtime Library option.

Code example:
Callback:
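void WINAPI UninjectCallback(LPCVOID context)
{
   // Release the configuration buffer before the dll is unloaded.
   if (config_files != nullptr)
   {
      free(config_files);
      config_files = nullptr; // avoid a dangling pointer / double free
   }
}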


Call:
   RegisterUninjectCallback(UninjectCallback, nullptr);


Any help is appreciated, thanks in advance.
franktrap
 
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by madshi » Wed Oct 19, 2016 2:30 pm

I think both issues are probably fixed in the latest beta build. Can you give it a try?

http://madshi.net/madCollectionBeta.exe
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by franktrap » Wed Oct 19, 2016 5:03 pm

I applied the beta build. It fixed the problem with RegisterUninjectCallback (compiles and seems to work properly), however the issues with getting answers back to the injected process persist.

I'll revert back to madchooks 3.1 to verify that the behavior is due to the switch between 3.1 and 4.0, or whether it's in our code base itself. I'll let you know the results.

Thank you for your quick reply.
franktrap
 
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by franktrap » Thu Oct 20, 2016 12:59 pm

Update:
Reverted back to madchooks 3.1.13, ipc queue now works as expected.
No changes were made in the code base which is responsible for establishing, sending messages, and closing the queue.
This points to a likely bug in the madchooks 4.0.0 and beta build relating to sending an answer back to the source of the message, leading to some processes getting answers back and others not.
franktrap
 
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by madshi » Thu Oct 20, 2016 4:35 pm

Did you recompile both the sender and receiver with the beta build?

Can you reproduce the problem with a simple test project? If so, can you make that test project available to me?
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by franktrap » Thu Oct 20, 2016 6:56 pm

Both sender and receiver were recompiled with the beta files, libs as well as drivers.

It would take a bit of work to mock up a small, functionally equivalent, working example. I'll try to find some time to make a test project and email (or gitlab/hub/other preferred method) you the source (assuming the results are reproducible).
franktrap
 
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by madshi » Thu Oct 20, 2016 7:13 pm

That's great - thanks! You can email to madshi (at) gmail (dot) com.
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by Nash70 » Thu Mar 02, 2017 12:34 pm

Hi,

This also seems to happen with the AUC. If I start a process with "run as admin" the hooks will work, but the ipc message does not arrive.

Tested win10, win8.1 + mch4 last beta.
Nash70
 
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Ipc queue not sending back an answer

Post by madshi » Thu Mar 02, 2017 1:26 pm

What is AUC?

I'll need a way to reproduce the problem, otherwise I can't fix it. Might be worth trying the latest beta, just to double check:

http://madshi.net/madCollectionBeta.exe
madshi
Site Admin
 
Posts: 9411
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by Nash70 » Thu Mar 02, 2017 1:46 pm

UAC (not AUC :oops: dyslexia dixit) dialog asks for elevated privileges.

I will try with the last beta. Thanks again!
Nash70
 
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

