Page 1 of 1

InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 12:31 am
by pambol
Hi, i'm with a problem. if i inject at all running processes on W7/XP generate a BSOD.
Here is the injection code.

Code: Select all

for i1 := 0 to high(pl) do
  begin
    if GetCurrentProcessID = pl[i1].id then Continue;
    if dNtSysCall.IsProtectedProcess(pl[i1].id) then Continue;

    hOpen := OpenProcess(PROCESS_ALL_ACCESS ,false , pl[i1].id);

    if Is64BitProcess(hOpen) then
    begin
      if not InjectLibraryW('PSGG64.dll', hOpen, 1) then
      begin
        Memo1.Lines.Add(Format('64 Process [%s] failed to inject', [pl[i1].exeFile]));
      end
      else
      begin
        Memo1.Lines.Add(Format('64 Process [%s] injetacted', [pl[i1].exeFile]));
      end;
    end
    else
    begin
      if not InjectLibraryW('PSGG32.dll', hOpen, 1) then
      begin
        Memo1.Lines.Add(Format('32 Process [%s] failed to inject', [pl[i1].exeFile]));
      end
      else
      begin
        Memo1.Lines.Add(Format('32 Process [%s] injetacted', [pl[i1].exeFile]));
      end;
    end;

    CloseHandle(hOpen);
  end;
I've tried a empty .dll like:

Code: Select all

library Project1;

uses
  System.SysUtils,
  System.Classes;

begin
end.
How i can solve that?

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 2:22 am
by iconic
Hi,

Which version of MCH are you currently using? Also, if the DLL is empty, no need to include SysUtils and Classes units (IIRC there is some heavy initialization sections)
MCH should be able to inject system-wide with an empty DLL without issues. In your case, process specific injection also should not have any such effect. System-wide
flags are better for this however come injection time, instead of injecting in a process loop like this.

*** Edit***
Looked at your code more closely, you're setting the injection timeout to 1 ms. I think you might mean 1000 ms (1 second) otherwise there is hardly any time to complete the real operation

Code: Select all

InjectLibrary(DLL_PATH, hProcess, 1000); // for 1 second timeout
Default timeout is 7 seconds, by the way (3rd param is 7000 by default). It's best if you don't adjust this parameter or at least use seconds instead of milliseconds. Might not make a difference
however the calling isn't right with "1" as the 3rd parameter. Try InjectLibraryW(DLL, hProcess); and leave the default parameters in place, does this make a difference?

Also, a tip, lose PROCESS_ALL_ACCESS and use MAXIMUM_ALLOWED access mask instead

--Iconic

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 8:27 am
by madshi
Agree with iconic: I would recommend not to include SysUtils and Classes. If you need a couple of functions from SysUtils/Classes, just copy & paste them into your hook dll dpr file instead.

Some system processes like to create an BSOD if you call any GUI APIs in them, like FindWindow, PostMessage etc. I'm not sure what SysUtils & Classes do in their initialization section. Will probably also depend on which Delphi version you're using.

(The InjectLibrary timeout value should in theory not harm, because injection is done by remote threads, which are written to work by themselves.)

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 8:53 am
by iconic
Yes, Madshi is 100% correct, non-interactive processes (mostly session 0 services or critical process like CSRSS or Winlogon) do not like anything "UI" among other things. The timeout comment I made was due to you confusing seconds with milliseconds, just so you're aware. You have to write your DLL code delicately. But, an empty DLL should not BSOD with madCodeHook in general. I've never heard of such a case with including the Windows unit only, for example. Something seems off in that case...

--Iconic

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 9:01 am
by madshi
One thing I'm a bit scared of myself is what newer Delphi versions might be doing "secretly" in a dll's initialization. Which is why I personally like to use Delphi 7 for win32 hook dlls. I know Delphi 7 does nothing harmful. Sadly, Delphi 7 doesn't support 64bit dlls, so there's no way to avoid using a newer Delphi version for 64bit. I've actually switched over to MSVC++, but only for hook dlls. For EXEs I still prefer Delphi by a long shot, because it's *SO* much easier to develop GUIs with, and I simply like the language, and the fast compiler etc...

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 9:05 am
by iconic
Delphi 10.x now has MUCH slower compile times, among many other things I've noticed. My go-to is XE2 for 64-bit and 32-bit apps, but Delphi 7 was my favorite, too bad it didn't support 64-bit compilation

--Iconic

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 9:10 am
by madshi
Ouch, didn't know that Delphi 10.x compiles slower. Any idea why?

Yes, XE2 is probably the safest choice for 64bit. And yes, Delphi 7 is also my favorite. Still using it a lot today.

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 9:16 am
by iconic
That's an email answer =] Yes, MUCH slower, have benches showing it. Very disappointed with that fact. 3/4x actually compiler speed loss. Then again, the trading hands of the company (now Idera?) is a lot over the years.
Delphi will forever be my favorite, along with the inline assembly support. I only use c when I need to :D I recently saw a video showing a modern Delphi compiler compiling 1 million lines in 5 seconds. Not
too bad, in c/c++ that would take an eternity. IIRC the video was also in VM, so that's more like 3 seconds

https://community.idera.com/developer-t ... ith-delphi

--Iconic

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 9:49 am
by madshi
Yeah, in MSVC++ sometimes even loading a project (and the IDE parsing all the header files etc) can take an eternity...

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 10:00 am
by iconic
It's why we're Delphi coders. We know better :wink:

Back on topic, Pambol please try the above suggestions and let us know the result please.
Your Delphi version used can also be important to us, so please let us know.

--Iconic

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 2:30 pm
by pambol
Tested all solutions posted here and the BSOD still.
maybe is the version of MCH who i use madCollection 4.0.0.2.

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 2:50 pm
by madshi
Please try updating to the latest madCodeHook build, maybe that helps?

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 3:29 pm
by pambol
tried update and at IDE say "[dcc64 Fatal Error] Unit1.pas(7): F2613 Unit 'MadCodeHook' not found."

Re: InjectLibraryW cause BSOD

Posted: Sat Mar 14, 2020 3:33 pm
by madshi
Maybe your subscription has run out? I guess you could try madCodeHook v3, that one doesn't ever run out.

Re: InjectLibraryW cause BSOD

Posted: Tue Apr 14, 2020 12:42 am
by iconic
Update via Email:

This issue was solved by the user by not including unnecessary included files, which I had asked him to eliminate originally...

"solved disabling //, SysUtils{$ENDIF}, SysUtils;//, Forms, Dialogs;"

Case solved. Not directly related to MCH in any way (injection, hooking or other)

--Iconic