SendIpcMessage from service to usersession fails on 32 bit

c++ / delphi package - dll injection and api hooking
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

SendIpcMessage from service to usersession fails on 32 bit

Post by tbrd »

Hi Madshi!

I want to send IpcMessages from my system process running in session 0 to my user process running in an input session. It does function, if I use 64-bit processes on 64-bit platform. If I run my 32-bit compilation on a Windows 7 32-bit machine, all IPC calls run into a timeout of approx. 5 seconds and fail (SendIpcMessage returns 0). The callback function of the remote process is never called in 32-bit.
InitializeMadCodeHook is called before of course.

Is there a problem with the 32-bit Ipc functionality?
I also checked Ipc by sending within input session: OK
Sending Ipc messages from input session to service: OK

Installer 2.8.3.0 and 2.8.3.10

Thanks
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

In theory I have tested all variants of 32bit <-> 64bit on all OSs, and it's supposed to work correctly.

Did the CreateIpcQueue() and SendIpcMessage() APIs return TRUE or FALSE? In case of FALSE, what does GetLastError() say?

Do you have a chance to test this on more OSs? E.g. Win8.1 32bit, Win10 32bit, or some 64bit OSs with your 32bit EXEs?
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

Hello Madshi!

I just ran the following test on my Windows 8 32-Bit machine.
Installer 2.8.3.0,
Console executable compiled with the latest VS 2017 :

Code: Select all

VOID WINAPI IPCCALLBACK(LPCSTR pIpc, LPCVOID pMessageBuf, DWORD dwMessageLen, LPVOID pAnswerBuf, DWORD dwAnswerLen, LPVOID pContext) {
	_putws(L"call");
}

int _tmain(int argc, _TCHAR* argv[]) {
	InitializeMadCHook();
	if (argc > 1) {
		LONGLONG llTest = 0;
		_putws(L"test start");
		wprintf_s(L"testnachricht gesendet? %u result 0x%I64X, LastError %u", SendIpcMessage("TEST", L"Testnachricht", sizeof(L"Testnachricht"), &llTest, sizeof(llTest), INFINITE, TRUE), llTest, GetLastError());
	} else {
		if (CreateIpcQueue("TEST", IPCCALLBACK, nullptr, 16, 4096, nullptr)) {
			_putws(L"OK");
		}
	}
	SleepEx(20000, TRUE);
	return 0;
}
First, I started the executable with no parameters in my console session. It opened the IpcQueue: OK .
ProcessExplorer shows the corresponding ALPC Port for the process.
Then I started psexec -s -i Test.exe aaaa .
Console window shows test start and then there is a delay of approx 5 seconds.
After that wait time console window shows testnachricht gesendet? 0 result 0x0, LastError 0
The first console window never shows call in this environment.

Running the same 32-bit executable on my Windows 10 x64 shows the same result ( IPC not functional )
Running the same code compiled in 64-Bit on the same Windows 10 x64 gives a positive result ( IPC functional, call)
Also 32-Bit IpcQueue process is functional with 64-bit SendIpcMessage process. (call)
But 64-Bit IpcQueue process is not functional with 32-bit SendIpcMessage process ( Ipc runs into a timeout with no lastError)
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

What happens if you run the process which calls CreateIpcQueue elevated (run as admin)?
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

I tested all three failed combinations with elevated sender: nothing changed
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

I'm not talking about the sender, I'm talking about the queue owner.
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

sorry I ment the queue process. the sending process is system account of course.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

Ok, what is the exact name/path of the ALPC port of the queue owner?
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

ist is \RPC Control\mchIpcTEST. If the queue is not available, my SendIpcMessage test executable immediately fails and there is no timeout. just as expected.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

Ok, let me guess: If you remove the "reply", it will work ok?
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

Yes then it works, but the "reply" is the important thing in my case :(
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

Well, of course it's supposed to work. So to sum up:

32bit queue + 32bit sender = problem
64bit queue + 32bit sender = problem
32bit queue + 64bit sender = ok
64bit queue + 64bit sender = ok

Is that correct? Looks like a bug with the 32bit sender then.

Are you using madCodeHook v3 or v4? And do you use the static lib files shipping with madCodeHook? Do you have access to the madCodeHook source code? If so, are you building the source code yourself?
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

Yes, the 32-bit sender is the problem.

No, I do not have access to the source code. I use v4 linking the static lib files into my executable.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: SendIpcMessage from service to usersession fails on 32 b

Post by madshi »

Ok, I'll try to reproduce this on my PC. Might take until early next week, though.
tbrd
Posts: 19
Joined: Thu Dec 15, 2016 8:45 am

Re: SendIpcMessage from service to usersession fails on 32 b

Post by tbrd »

Hi Madshi!
Is there a solution for my problem in near future?
Post Reply