SendIpcMessage() issue on Windows 7(32/64bit)

c++ / delphi package - dll injection and api hooking
chaos072
Posts: 21
Joined: Wed Mar 20, 2013 2:22 am

SendIpcMessage() issue on Windows 7(32/64bit)

Post by chaos072 »

I've found a SendIpcMessage() bug on Windows 7 (32/64bit). I'm using madCodeHook v3.1.13.

In a hook dll, I call SendIpcMessage() like this:

Code:

OutputDebugString(L"IPC Start");
SendIpcMessage("MyIpcName", (void*)&requestMessage[0], requestMessage.size(), &responseBuffer[0], sizeof(responseBuffer), 5 * 1000, false);
OutputDebugString(L"IPC End");

This code is called in the NtCreateFile hook function.

I've omitted error handling for clarity, but SendIpcMessage() returns 'true' here.

And in an exe file, the callback function is like this:

Code:

static void WINAPI IpcCallback(LPCSTR pIpc, LPCVOID pMessageBuf, DWORD dwMessageLen, LPVOID pAnswerBuf, DWORD dwAnswerLen) {
	OutputDebugString(L"IpcCallback() Start");
	Sleep(500);
	OutputDebugString(L"IpcCallback() End");
}

So, the debug messages should print this way:

Code:

IPC Start
IpcCallback() Start
IpcCallback() End
IPC End

On Windows XP, 8.1, 10 the debug messages print as expected.

But on Windows 7, the debug messages print in a weird order like this:

Code:

IPC Start
IPC End
IpcCallback() Start
/* and 500ms later... */
IpcCallback() End

In other words, SendIpcMessage() does not wait for the callback function to complete. It immediately returns 'true'.

I've omitted answer buffer manipulation here for clarity, but the answer buffer is intact when I write something in a callback function.

Is this a bug?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage() issue on Windows 7(32/64bit)

Post by madshi »

IPC handling is done in background threads, so the order of the messages may not be "correct". That's why the CreateIpcQueue documentation says this:

http://help.madshi.net/IPC.htm
If the order of the messages is crucial for you, set "maxThreadCount" to "1".

However, it seems that in your case the SendIpcMessage() call returns immediately? That's certainly not as intended. I'm somewhat reluctant to take OutputDebugString as proof, though, because I've had problems with that in the past. Can you make the wait time bigger, like 2 seconds, and then add a MessageBox() call after SendIpcMessage()? Does the MessageBox appear with a 2 second delay on XP and Windows 8.1 then, but appear immediately on Windows 7?

Have you tested this on Win7 32bit or 64bit or both?
chaos072
Posts: 21
Joined: Wed Mar 20, 2013 2:22 am

Re: SendIpcMessage() issue on Windows 7(32/64bit)

Post by chaos072 »

I've figured it out. It turns out that the implementation of SendIpcMessage() in Windows 7 conflicts with NtOpenProcess() hooking.

In my NtOpenProcess() hook function I blocked opening my exe process and that was the cause.

Thank you..
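
Added example, not part of the posts in this thread and not madCodeHook code: a portable C++ model of one way to keep a self-protecting NtOpenProcess() hook from interfering with the hook DLL's own SendIpcMessage() call, using a per-thread guard around the send. It assumes the open of the exe process happens on the thread that is inside the send; `IpcScope`, `DecideOpen`, `ModelSend` and the PID value are hypothetical names and constructed values, and `ModelSend` only imitates the symptom described above.

```cpp
// Added example: portable model of a hook-side reentrancy guard (not madCodeHook code).
#include <cstdint>

using Pid = std::uint32_t;

// Per-thread depth counter: non-zero while this thread is inside our own IPC send.
static thread_local int g_ipcDepth = 0;

// RAII scope placed around the SendIpcMessage() call in the hook DLL.
struct IpcScope {
    IpcScope()  { ++g_ipcDepth; }
    ~IpcScope() { --g_ipcDepth; }
    IpcScope(const IpcScope&) = delete;
    IpcScope& operator=(const IpcScope&) = delete;
};

enum class OpenDecision { PassThrough, Deny };

// Decision logic a self-protecting NtOpenProcess hook would run before
// calling the original API. protectedPid is the exe that hosts the IPC queue.
OpenDecision DecideOpen(Pid targetPid, Pid protectedPid) {
    if (targetPid != protectedPid) return OpenDecision::PassThrough;
    if (g_ipcDepth > 0)            return OpenDecision::PassThrough; // our own IPC
    return OpenDecision::Deny;
}

// Stand-in for the sender side (assumption modelled on the symptom in this thread):
// it needs to open the receiver process to wait for the reply, and still
// reports success without waiting if that open is denied.
struct SendResult { bool returned; bool waitedForReply; };

SendResult ModelSend(Pid receiverPid, Pid protectedPid) {
    bool opened = DecideOpen(receiverPid, protectedPid) == OpenDecision::PassThrough;
    return { true, opened };
}

// Hook-side call sites: without and with the guard.
SendResult SendUnguarded(Pid exePid) { return ModelSend(exePid, exePid); }
SendResult SendGuarded(Pid exePid)   { IpcScope scope; return ModelSend(exePid, exePid); }

int main() {
    const Pid exePid = 4242; // constructed value
    bool ok = !SendUnguarded(exePid).waitedForReply && SendGuarded(exePid).waitedForReply;
    return ok ? 0 : 1;
}
```

In a DLL that is loaded into already running processes on Windows XP, implicit TLS (`thread_local` / `__declspec(thread)`) is not reliable, so the counter would need TlsAlloc()/TlsGetValue() there.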
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage() issue on Windows 7(32/64bit)

Post by madshi »

Oh, that's quite interesting! Good to hear the issue was not my fault, less work for me to do... :D