SendIpcMessage from service to usersession fails on 32 bit

c++ / delphi package - dll injection and api hooking

Postby tbrd » Thu Nov 30, 2017 11:45 am

Hi Madshi!

I want to send IpcMessages from my system process running in session 0 to my user process running in an input session. It does function if I use 64-bit processes on a 64-bit platform. If I run my 32-bit compilation on a Windows 7 32-bit machine, all IPC calls run into a timeout of approx. 5 seconds and fail (SendIpcMessage returns 0). The callback function of the remote process is never called in 32-bit.
InitializeMadCodeHook is called before of course.

Is there a problem with the 32-bit Ipc functionality?
I also checked Ipc by sending within input session: OK
Sending Ipc messages from input session to service: OK

Installer 2.8.3.0 and 2.8.3.10

Thanks
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Thu Nov 30, 2017 2:41 pm

In theory I have tested all variants of 32bit <-> 64bit on all OSs, and it's supposed to work correctly.

Did the CreateIpcQueue() and SendIpcMessage() APIs return TRUE or FALSE? In case of FALSE, what does GetLastError() say?

Do you have a chance to test this on more OSs? E.g. Win8.1 32bit, Win10 32bit, or some 64bit OSs with your 32bit EXEs?
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Postby tbrd » Fri Dec 01, 2017 8:29 am

Hello Madshi!

I just ran the following test on my Windows 8 32-Bit machine.
Installer 2.8.3.0,
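Console executable compiled with the latest VS 2017:
Code:
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include "madCHook.h"  // madCodeHook C++ header

// Queue callback: only reports that a message arrived; the answer buffer is left untouched.
VOID WINAPI IPCCALLBACK(LPCSTR pIpc, LPCVOID pMessageBuf, DWORD dwMessageLen, LPVOID pAnswerBuf, DWORD dwAnswerLen, LPVOID pContext) {
   _putws(L"call");
}

int _tmain(int argc, _TCHAR* argv[]) {
   InitializeMadCHook();
   if (argc > 1) {
      // Sender: any command-line argument selects this branch.
      LONGLONG llTest = 0;
      _putws(L"test start");
      // Call first, then read the results: argument evaluation order is unspecified, so
      // GetLastError() and llTest inside the wprintf_s argument list could be read before the call.
      BOOL bSent = SendIpcMessage("TEST", L"Testnachricht", sizeof(L"Testnachricht"), &llTest, sizeof(llTest), INFINITE, TRUE);
      DWORD dwLastError = GetLastError();
      wprintf_s(L"testnachricht gesendet? %u result 0x%I64X, LastError %u", bSent, llTest, dwLastError);
   } else {
      // Queue owner: no arguments.
      if (CreateIpcQueue("TEST", IPCCALLBACK, nullptr, 16, 4096, nullptr)) {
         _putws(L"OK");
      }
   }
   SleepEx(20000, TRUE);
   return 0;
}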


First, I started the executable with no parameters in my console session. It opened the IpcQueue: OK.
ProcessExplorer shows the corresponding ALPC Port for the process.
Then I started psexec -s -i Test.exe aaaa.
The console window shows test start and then there is a delay of approx. 5 seconds.
After that wait time the console window shows testnachricht gesendet? 0 result 0x0, LastError 0
The first console window never shows call in this environment.

Running the same 32-bit executable on my Windows 10 x64 shows the same result (IPC not functional).
Running the same code compiled in 64-bit on the same Windows 10 x64 gives a positive result (IPC functional, call).
Also, a 32-bit IpcQueue process is functional with a 64-bit SendIpcMessage process (call).
But a 64-bit IpcQueue process is not functional with a 32-bit SendIpcMessage process (IPC runs into a timeout with no LastError).
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Fri Dec 01, 2017 9:49 am

What happens if you run the process which calls CreateIpcQueue elevated (run as admin)?
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Postby tbrd » Fri Dec 01, 2017 9:56 am

I tested all three failed combinations with an elevated sender: nothing changed.
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Fri Dec 01, 2017 9:57 am

I'm not talking about the sender, I'm talking about the queue owner.
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Postby tbrd » Fri Dec 01, 2017 9:59 am

Sorry, I meant the queue process. The sending process is the system account, of course.
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Fri Dec 01, 2017 10:00 am

Ok, what is the exact name/path of the ALPC port of the queue owner?
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Postby tbrd » Fri Dec 01, 2017 10:05 am

It is \RPC Control\mchIpcTEST. If the queue is not available, my SendIpcMessage test executable immediately fails and there is no timeout, just as expected.
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Fri Dec 01, 2017 10:06 am

Ok, let me guess: If you remove the "reply", it will work ok?
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Postby tbrd » Fri Dec 01, 2017 10:19 am

Yes, then it works, but the "reply" is the important thing in my case :(
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Fri Dec 01, 2017 10:27 am

Well, of course it's supposed to work. So to sum up:

32bit queue + 32bit sender = problem
64bit queue + 32bit sender = problem
32bit queue + 64bit sender = ok
64bit queue + 64bit sender = ok

Is that correct? Looks like a bug with the 32bit sender then.

Are you using madCodeHook v3 or v4? And do you use the static lib files shipping with madCodeHook? Do you have access to the madCodeHook source code? If so, are you building the source code yourself?
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Postby tbrd » Fri Dec 01, 2017 10:30 am

Yes, the 32-bit sender is the problem.

No, I do not have access to the source code. I use v4 linking the static lib files into my executable.
tbrd
 
Posts: 16
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Postby madshi » Fri Dec 01, 2017 10:33 am

Ok, I'll try to reproduce this on my PC. Might take until early next week, though.
madshi
Site Admin
 
Posts: 9469
Joined: Sun Mar 21, 2004 5:25 pm

