UnHookCode causes access violation

c++ / delphi package - dll injection and api hooking
Post Reply
TCS
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

UnHookCode causes access violation

Post by TCS »

Hey,

This is somewhat continuation of "Unhooking on process destroy and manual uninject issues" thread.

In the PROCESS_DETACH I am unhooking all the hooks using UnHookCode().
In case the hooks have been unhooked before PROCESS_DETACH the UnHookCode() function simply fails.

The problem is that in a reproducable scenario unhook of CoCreateInstance causes access violation. The call stack is the following:
ntdll.dll!000000007789afba() Unknown
KernelBase.dll!000007fefd6d1592() Unknown
my_dll.dll!CCodeHook::~CCodeHook(void) C++
my_dll.dll!CCodeHook::`vector deleting destructor'(unsigned int) C++
my_dll.dll!AutoUnhookUninject(struct HINSTANCE__ *) C++
my_dll.dll!UnhookCode() C++

p.s.
IsHookInUse() returns 0.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: UnHookCode causes access violation

Post by madshi »

Does this still happen with madCodeHook 3.1.11? If so, is there a way for me to reproduce the problem somehow? Or can you somehow find out which source code line in the destructor produces that crash?
TCS
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Post by TCS »

1. I do use the latest version. btw, is there a way to verify what is the installed version?

2. I did not succeed in reproducing it on a small scale demo, and I don't have the source code. I can try and produce a dump if you like.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: UnHookCode causes access violation

Post by madshi »

What happens if you compile a debug version? Maybe the stack trace then contains line numbers or something?
TCS
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Post by TCS »

no...
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: UnHookCode causes access violation

Post by madshi »

Oh well. Please send me a crash dump then. If possible, please use the debug version of your hook dll, and please include the PDB also. Thanks!
TCS
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Post by TCS »

Sending by mail...
TCS
Posts: 33
Joined: Tue Aug 19, 2014 8:58 pm

Re: UnHookCode causes access violation

Post by TCS »

Also, I've use an IPC mechanism I have to try and unhook before the dll main (before uninjecting the libraries) and it still crashes.
Post Reply