Ipc queue not sending back an answer

c++ / delphi package - dll injection and api hooking
Post Reply
franktrap
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Ipc queue not sending back an answer

Post by franktrap »

We've recently upgraded to madCodeHook 4.0, and have ran into some issues relating to the ipc queue. When injecting system-wide, we're usually not getting an answer back to the injected dll.
The queue does get established, and some processes are able to get an answer back, but not all.
This was not the case when we were using the previous madCodeHook 3.0.x and I'm wondering whether it could be a bug in the new madCodeHook 4.0 or something on our end. Here's a sample of the code:

Callback (in the core executable responsible for injection):

Code: Select all

int local_log_level = 0;
void WINAPI CoreToDllHandler(LPCSTR,
	LPCVOID pMessageBuf, DWORD size,
	LPVOID pAnswerBuf, DWORD answerLen, LPVOID pContext)
{
	printf("Entered dll handler callback\n");
	int *log_level = static_cast<int*>(pAnswerBuf);
	*log_level = local_log_level;
}
Queue creation (in the executable responsible for injection):

Code: Select all

bool CoreToDllQueue()
{
	if (!CreateIpcQueue(WORKING_DIR_COMM, CoreToDllHandler)) {
		LOG_ERROR("Could not create IPC messaging queue from Core to Dll!");
		return false;
	}
	LOG_DEBUG("Core to Dll message IPC Queue established.");
	return true;
}
Attempting to send a message (from the injected dll to the core executable):

Code: Select all

int log_level = 0;
SendIpcMessage(WORKING_DIR_COMM, nullptr, NULL,
		&log_level, sizeof(int), 7000, 1);
Additionally, we've been unable to get RegisterUninjectCallback to build in 64 bit (32 bit compiles) mode:
Error: error LNK2001: unresolved external symbol RegisterUninjectCallback
We're linking with madchook64mt.lib with /MT Runtime Library option.

Code example:
Callback:

Code: Select all

void WINAPI UninjectCallback(LPCVOID context)
{
	if (config_files != nullptr)
	{
		free(config_files);
	}
}
Call:

Code: Select all

	RegisterUninjectCallback(UninjectCallback, nullptr);
Any help is appreciated, thanks in advance.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by madshi »

I think both issues are probably fixed in the latest beta build. Can you give it a try?

http://madshi.net/madCollectionBeta.exe
franktrap
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by franktrap »

I applied the beta build. It fixed the problem with RegisterUninjectCallback (compiles and seems to work properly), however the issues with getting answers back to the injected process persist.

I'll revert back to madchooks 3.1 to verify that the behavior is due to the switch between 3.1 and 4.0, or whether it's in our code base itself. I'll let you know the results.

Thank you for your quick reply.
franktrap
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by franktrap »

Update:
Reverted back to madchooks 3.1.13, ipc queue now works as expected.
No changes were made in the code base which is responsible for establishing, sending messages, and closing the queue.
This points to a likely bug in the madchooks 4.0.0 and beta build relating to sending an answer back to the source of the message, leading to some processes getting answers back and others not.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by madshi »

Did you recompile both the sender and receiver with the beta build?

Can you reproduce the problem with a simple test project? If so, can you make that test project available to me?
franktrap
Posts: 4
Joined: Wed Oct 19, 2016 1:21 pm

Re: Ipc queue not sending back an answer

Post by franktrap »

Both sender and receiver were recompiled with the beta files, libs as well as drivers.

It would take a bit of work to mock up a small, functionally equivalent, working example. I'll try to find some time to make a test project
and email (or gitlab/hub/other preferred method) you the source (assuming the results are reproducible) .
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by madshi »

That's great - thanks! You can email to madshi (at) gmail (dot) com.
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Ipc queue not sending back an answer

Post by Nash70 »

hi,

This also seems to happen with the AUC. If start a process with "run as admin" the hooks will work, but the ipc message does not arrive.

Tested win10, win8.1 + mch4 last beta.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Ipc queue not sending back an answer

Post by madshi »

What is AUC?

I'll need a way to reproduce the problem, otherwise I can't fix it. Might be worth trying the latest beta, just to double check:

http://madshi.net/madCollectionBeta.exe
Nash70
Posts: 14
Joined: Mon Jun 02, 2014 6:50 pm

Re: Ipc queue not sending back an answer

Post by Nash70 »

UAC (not AUC :oops: dyslexia dixit) dialog ask for elevated privileges .

i will try with last beta. Thanks again!
Post Reply