SendIpcMessage() issue on Windows 7(32/64bit)

c++ / delphi package - dll injection and api hooking


Post by chaos072 » Thu Oct 20, 2016 6:57 am

I've found a SendIpcMessage() bug on Windows 7 (32/64bit). I'm using madCodeHook v3.1.13.

In a hook dll, I call SendIpcMessage() like this:

Code:
OutputDebugString(L"IPC Start");
SendIpcMessage("MyIpcName", (void*)&requestMessage[0], requestMessage.size(), &responseBuffer[0], sizeof(responseBuffer), 5 * 1000, false);
OutputDebugString(L"IPC End");


This code is called in NtCreateFile hook function.

I've omitted error handling for clarity, but SendIpcMessage() returns 'true' here.

And in an exe file, the callback function is like this:

Code:
static void WINAPI IpcCallback(LPCSTR pIpc, LPCVOID pMessageBuf, DWORD dwMessageLen, LPVOID pAnswerBuf, DWORD dwAnswerLen) {
   OutputDebugString(L"IpcCallback() Start");
   Sleep(500);
   OutputDebugString(L"IpcCallback() End");
}


So, the debug messages should print this way:

Code:
IPC Start
IpcCallback() Start
IpcCallback() End
IPC End


On Windows XP, 8.1, 10 the debug messages print as expected.

But on Windows 7, the debug messages print in a weird order like this:

Code:
IPC Start
IPC End
IpcCallback() Start
/* and 500ms later... */
IpcCallback() End


In other words, SendIpcMessage() does not wait for the callback function to complete. It immediately returns 'true'.

I've omitted answer buffer manipulation here for clarity, but the answer buffer is intact when I write something in a callback function.

Is this a bug?

Re: SendIpcMessage() issue on Windows 7(32/64bit)

Post by madshi » Thu Oct 20, 2016 4:46 pm

IPC handling is done in background threads, so the order of the messages may not be "correct". That's why the CreateIpcQueue documentation says this:

http://help.madshi.net/IPC.htm

If the order of the messages is crucial for you, set "maxThreadCount" to "1".


However, it seems that in your case the SendIpcMessage() call returns immediately? That's certainly not as intended. I'm somewhat reluctant to take OutputDebugString as proof, though, because I've had problems with that in the past. Can you make the wait time bigger, like 2 seconds, and then add a MessageBox() call after SendIpcMessage()? Does the MessageBox appear with a 2 second delay on XP and Windows 8.1 then, but appear immediately on Windows 7?

Have you tested this on Win7 32bit or 64bit or both?

Re: SendIpcMessage() issue on Windows 7(32/64bit)

Post by chaos072 » Fri Oct 21, 2016 12:32 am

I've figured it out. It turns out that the implementation of SendIpcMessage() in Windows 7 conflicts with NtOpenProcess() hooking.

In my NtOpenProcess() hook function I blocked opening my exe process and that was the cause.

Thank you.

Re: SendIpcMessage() issue on Windows 7(32/64bit)

Post by madshi » Mon Oct 24, 2016 10:51 am

Oh, that's quite interesting! Good to hear the issue was not my fault, less work for me to do... :D

