weird result hooking GetQueuedCompletionStatus

c++ / delphi package - dll injection and api hooking

Post by wineggdrop » Sun Apr 12, 2020 5:31 am

Trying to hook GetQueuedCompletionStatus from the Microsoft SDK IOCP echo server sample, the detour GetQueuedCompletionStatus just won't get triggered when a client connects to the echo server; it only gets triggered when the client sends data to the echo server. But from the sample code, GetQueuedCompletionStatus is called from the worker thread when a client connects to the echo server, so I don't know what goes wrong.

iocpserver.h and iocpserverex.cpp are the echo server sample, madhook.cpp is the code to hook GetQueuedCompletionStatus.

I even changed the 4th parameter of AcceptEx to 0, still the same result.
Attachment: AcceptEx.rar (11.33 KiB)

Re: weird result hooking GetQueuedCompletionStatus

Post by iconic » Tue Apr 14, 2020 12:38 am

I should have some time to check this out tomorrow. Thanks

--Iconic

Re: weird result hooking GetQueuedCompletionStatus

Post by iconic » Tue Apr 14, 2020 6:03 pm

Before I get into this today I meant to ask, have you tried another hooking library to see if it's the same result? Detours, Mhook etc.?

--Iconic

Re: weird result hooking GetQueuedCompletionStatus

Post by wineggdrop » Fri Apr 17, 2020 4:24 am

iconic wrote: Before I get into this today I meant to ask, have you tried another hooking library to see if it's the same result? Detours, Mhook etc.?

--Iconic

Yes, the same result. I wonder why this would happen. I even changed the sample code with one worker thread, still the same result.

Re: weird result hooking GetQueuedCompletionStatus

Post by iconic » Sun Apr 19, 2020 6:52 pm

Hello,

The thread you're creating in DLLMain is unnecessary and oftentimes can be dangerous inside DLLMain. The thread will also not run until the loader lock is lifted, so all it's doing is actually delaying the installation of your code hook when it could in fact be hooked sooner.

Since this happens with other code hook libraries and isn't specifically an issue with MCH (that's what this forum is for), we don't have the time to investigate why every project similar to this can fail, since it happens with any you've tried.

My advice would be to try hooking both kernel32.dll GetQueuedCompletionStatus() and kernelbase.dll GetQueuedCompletionStatus(). There's also a GetQueuedCompletionStatusEx() in both libs you could also try hooking. It's possible that may solve your issue that you're experiencing, just a guess though.

--Iconic

Re: weird result hooking GetQueuedCompletionStatus

Post by madshi » Mon Apr 20, 2020 8:30 am
