weird result hooking GetQueuedCompletionStatus

c++ / delphi package - dll injection and api hooking
wineggdrop
Posts: 19
Joined: Mon Nov 18, 2019 6:18 am

weird result hooking GetQueuedCompletionStatus

Post by wineggdrop »

I'm trying to hook GetQueuedCompletionStatus in the Microsoft SDK IOCP echo server sample. The detour for GetQueuedCompletionStatus just won't get triggered when a client connects to the echo server; it only gets triggered when the client sends data to the echo server. But from the sample code, GetQueuedCompletionStatus is called from the worker thread when a client connects to the echo server, so I don't know what goes wrong.

iocpserver.h and iocpserverex.cpp are the echo server sample; madhook.cpp is the code to hook GetQueuedCompletionStatus.

I even changed the 4th parameter of AcceptEx to 0, still the same result.
Attachments
AcceptEx.rar
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: weird result hooking GetQueuedCompletionStatus

Post by iconic »

I should have some time to check this out tomorrow. Thanks

--Iconic
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: weird result hooking GetQueuedCompletionStatus

Post by iconic »

Before I get into this today I meant to ask, have you tried another hooking library to see if it's the same result? Detours, Mhook etc.?

--Iconic
wineggdrop
Posts: 19
Joined: Mon Nov 18, 2019 6:18 am

Re: weird result hooking GetQueuedCompletionStatus

Post by wineggdrop »

iconic wrote: Before I get into this today I meant to ask, have you tried another hooking library to see if it's the same result? Detours, Mhook etc.?

--Iconic

Yes, the same result. I wonder why this would happen. I even changed the sample code to run with one worker thread, still the same result.
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: weird result hooking GetQueuedCompletionStatus

Post by iconic »

Hello,

The thread you're creating in DllMain is unnecessary and oftentimes can be dangerous inside DllMain. The thread will also not run until the loader lock is lifted, so all it's doing is actually delaying the installation of your code hook when it could in fact be hooked sooner.

Since this happens with other code hook libraries and isn't specifically an issue with MCH (that's what this forum is for), we don't have the time to investigate why every project similar to this can fail, since it happens with any you've tried.

My advice would be to try hooking both kernel32.dll GetQueuedCompletionStatus() and kernelbase.dll GetQueuedCompletionStatus(). There's also a GetQueuedCompletionStatusEx() in both libs you could also try hooking. It's possible that may solve your issue that you're experiencing, just a guess though.

--Iconic
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: weird result hooking GetQueuedCompletionStatus

Post by madshi »
