Page 1 of 1

Ipc queue not sending back an answer

Posted: Wed Oct 19, 2016 2:03 pm
by franktrap
We've recently upgraded to madCodeHook 4.0, and have ran into some issues relating to the ipc queue. When injecting system-wide, we're usually not getting an answer back to the injected dll.
The queue does get established, and some processes are able to get an answer back, but not all.
This was not the case when we were using the previous madCodeHook 3.0.x and I'm wondering whether it could be a bug in the new madCodeHook 4.0 or something on our end. Here's a sample of the code:

Callback (in the core executable responsible for injection):

Code: Select all

int local_log_level = 0;
void WINAPI CoreToDllHandler(LPCSTR,
	LPCVOID pMessageBuf, DWORD size,
	LPVOID pAnswerBuf, DWORD answerLen, LPVOID pContext)
{
	printf("Entered dll handler callback\n");
	int *log_level = static_cast<int*>(pAnswerBuf);
	*log_level = local_log_level;
}
Queue creation (in the executable responsible for injection):

Code: Select all

bool CoreToDllQueue()
{
	if (!CreateIpcQueue(WORKING_DIR_COMM, CoreToDllHandler)) {
		LOG_ERROR("Could not create IPC messaging queue from Core to Dll!");
		return false;
	}
	LOG_DEBUG("Core to Dll message IPC Queue established.");
	return true;
}
Attempting to send a message (from the injected dll to the core executable):

Code: Select all

int log_level = 0;
SendIpcMessage(WORKING_DIR_COMM, nullptr, NULL,
		&log_level, sizeof(int), 7000, 1);
Additionally, we've been unable to get RegisterUninjectCallback to build in 64 bit (32 bit compiles) mode:
Error: error LNK2001: unresolved external symbol RegisterUninjectCallback
We're linking with madchook64mt.lib with /MT Runtime Library option.

Code example:
Callback:

Code: Select all

void WINAPI UninjectCallback(LPCVOID context)
{
	if (config_files != nullptr)
	{
		free(config_files);
	}
}
Call:

Code: Select all

	RegisterUninjectCallback(UninjectCallback, nullptr);
Any help is appreciated, thanks in advance.

Re: Ipc queue not sending back an answer

Posted: Wed Oct 19, 2016 2:30 pm
by madshi
I think both issues are probably fixed in the latest beta build. Can you give it a try?

http://madshi.net/madCollectionBeta.exe

Re: Ipc queue not sending back an answer

Posted: Wed Oct 19, 2016 5:03 pm
by franktrap
I applied the beta build. It fixed the problem with RegisterUninjectCallback (compiles and seems to work properly), however the issues with getting answers back to the injected process persist.

I'll revert back to madchooks 3.1 to verify that the behavior is due to the switch between 3.1 and 4.0, or whether it's in our code base itself. I'll let you know the results.

Thank you for your quick reply.

Re: Ipc queue not sending back an answer

Posted: Thu Oct 20, 2016 12:59 pm
by franktrap
Update:
Reverted back to madchooks 3.1.13, ipc queue now works as expected.
No changes were made in the code base which is responsible for establishing, sending messages, and closing the queue.
This points to a likely bug in the madchooks 4.0.0 and beta build relating to sending an answer back to the source of the message, leading to some processes getting answers back and others not.

Re: Ipc queue not sending back an answer

Posted: Thu Oct 20, 2016 4:35 pm
by madshi
Did you recompile both the sender and receiver with the beta build?

Can you reproduce the problem with a simple test project? If so, can you make that test project available to me?

Re: Ipc queue not sending back an answer

Posted: Thu Oct 20, 2016 6:56 pm
by franktrap
Both sender and receiver were recompiled with the beta files, libs as well as drivers.

It would take a bit of work to mock up a small, functionally equivalent, working example. I'll try to find some time to make a test project
and email (or gitlab/hub/other preferred method) you the source (assuming the results are reproducible) .

Re: Ipc queue not sending back an answer

Posted: Thu Oct 20, 2016 7:13 pm
by madshi
That's great - thanks! You can email to madshi (at) gmail (dot) com.

Re: Ipc queue not sending back an answer

Posted: Thu Mar 02, 2017 12:34 pm
by Nash70
hi,

This also seems to happen with the AUC. If start a process with "run as admin" the hooks will work, but the ipc message does not arrive.

Tested win10, win8.1 + mch4 last beta.

Re: Ipc queue not sending back an answer

Posted: Thu Mar 02, 2017 1:26 pm
by madshi
What is AUC?

I'll need a way to reproduce the problem, otherwise I can't fix it. Might be worth trying the latest beta, just to double check:

http://madshi.net/madCollectionBeta.exe

Re: Ipc queue not sending back an answer

Posted: Thu Mar 02, 2017 1:46 pm
by Nash70
UAC (not AUC :oops: dyslexia dixit) dialog ask for elevated privileges .

i will try with last beta. Thanks again!