
[PR #63] Crashes when attempting to hook LoadLibraryExW #70

Open
praydog opened this issue Apr 7, 2024 · 3 comments

Comments

@praydog
Collaborator

praydog commented Apr 7, 2024

Will update with more info. First glance looks like an exception occurs inside of trap_threads, causing a nested acquisition of the trap mutex.

@ThirteenAG

There's also a recursion when hooking AcquireSRWLockExclusive, which, I don't know, probably nothing can be done about?

void WINAPI CustomAcquireSRWLockExclusive(PSRWLOCK SRWLock)
{
    return shAcquireSRWLockExclusive.stdcall<void>(SRWLock);
}
...
shAcquireSRWLockExclusive = safetyhook::create_inline(AcquireSRWLockExclusive, CustomAcquireSRWLockExclusive);
>	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::stdcall<void,_RTL_SRWLOCK *>(_RTL_SRWLOCK * <args_0>)	C++	Symbols loaded.
 	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::stdcall<void,_RTL_SRWLOCK *>(_RTL_SRWLOCK * <args_0>)	C++	Symbols loaded.
 	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::stdcall<void,_RTL_SRWLOCK *>(_RTL_SRWLOCK * <args_0>)	C++	Symbols loaded.
 	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::destroy()	C++	Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::operator=(safetyhook::InlineHook && other)	C++	Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::InlineHook(safetyhook::InlineHook && other)	C++	Symbols loaded.
 	dinput8.dll!std::expected<safetyhook::InlineHook,safetyhook::InlineHook::Error>::expected<safetyhook::InlineHook,safetyhook::InlineHook::Error><safetyhook::InlineHook>(safetyhook::InlineHook && _Other)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::create(const std::shared_ptr<safetyhook::Allocator> & allocator, void * target, void * destination)	C++	Symbols loaded.

As for the LoadLibraryExW crash, I tried to repro but couldn't.

@cursey
Owner

cursey commented Apr 9, 2024

> There's also a recursion when hooking AcquireSRWLockExclusive, which, I don't know, probably nothing can be done about?

I might be able to code around this issue actually using a spinlock or something instead.

@ThirteenAG

> I might be able to code around this issue actually using a spinlock or something instead.

I was able to repro with GetProcAddress also:

shGetProcAddress = safetyhook::create_inline(GetProcAddress, CustomGetProcAddress);

 	kernel32.dll!_GetProcAddressStub@8()	Unknown	Symbols loaded.
 	vcruntime140d.dll!try_get_proc_address_from_first_available_module(const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 183	C++	Symbols loaded.
 	vcruntime140d.dll!try_get_function(const `anonymous-namespace'::function_id id=FlsGetValue_id, const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 211	C++	Symbols loaded.
 	vcruntime140d.dll!try_get_FlsGetValue() Line 254	C++	Symbols loaded.
 	vcruntime140d.dll!__vcrt_FlsGetValue(unsigned long fls_index=0x0000000a) Line 281	C++	Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd_noexit() Line 111	C++	Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd() Line 163	C++	Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandler<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a1318, EHRegistrationNode * pRN=0x000a2268, _CONTEXT * pContext=0x000a1368, void * pDC=0x000a12a4, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 303	C++	Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandlerWrapper<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a1318, EHRegistrationNode * pRN=0x000a2268, _CONTEXT * pContext=0x000a1368, void * pDC=0x000a12a4, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 252	C++	Symbols loaded.
>	vcruntime140d.dll!__CxxFrameHandler3(EHExceptionRecord * pExcept=0x000a1318, EHRegistrationNode * pRN=0x000a2268, void * pContext=0x000a1368, void * pDC=0x000a12a4) Line 271	C++	Symbols loaded.
 	ntdll.dll!ExecuteHandler2@20()	Unknown	Symbols loaded.
 	ntdll.dll!ExecuteHandler@20()	Unknown	Symbols loaded.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Symbols loaded.
 	KernelBase.dll!_RaiseException@16()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!_CxxThrowException(void * pExceptionObject=0x000a1f38, const _s__ThrowInfo * pThrowInfo=0x64302368) Line 82	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!std::_Throw_Cpp_error(int code=0x00000005) Line 36	C++	Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock() Line 61	C++	Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::mutex>::scoped_lock<std::mutex>(std::mutex & _Mtx={...}) Line 508	C++	Symbols loaded.
 	dinput8.dll!safetyhook::TrapManager::trap_handler(_EXCEPTION_POINTERS * exp=0x000a2290) Line 1378	C++	Symbols loaded.
 	ntdll.dll!_RtlpCallVectoredHandlers@12()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!RtlDispatchException()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Non-user code. Symbols loaded without source information.
 	kernel32.dll!_GetProcAddressStub@8()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!try_get_proc_address_from_first_available_module(const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 183	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_function(const `anonymous-namespace'::function_id id=FlsGetValue_id, const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 211	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_FlsGetValue() Line 254	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_FlsGetValue(unsigned long fls_index=0x0000000a) Line 281	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd_noexit() Line 111	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd() Line 163	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandler<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3114, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3164, void * pDC=0x000a309c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 303	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandlerWrapper<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3114, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3164, void * pDC=0x000a309c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 252	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__CxxFrameHandler3(EHExceptionRecord * pExcept=0x000a3114, EHRegistrationNode * pRN=0x000a4e00, void * pContext=0x000a3164, void * pDC=0x000a309c) Line 271	C++	Non-user code. Symbols loaded.
 	ntdll.dll!ExecuteHandler2@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!ExecuteHandler@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Non-user code. Symbols loaded without source information.
 	kernel32.dll!_GetProcAddressStub@8()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!try_get_proc_address_from_first_available_module(const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 183	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_function(const `anonymous-namespace'::function_id id=FlsGetValue_id, const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 211	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_FlsGetValue() Line 254	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_FlsGetValue(unsigned long fls_index=0x0000000a) Line 281	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd_noexit() Line 111	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd() Line 163	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandler<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3eb0, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3f00, void * pDC=0x000a3e3c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 303	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandlerWrapper<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3eb0, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3f00, void * pDC=0x000a3e3c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 252	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__CxxFrameHandler3(EHExceptionRecord * pExcept=0x000a3eb0, EHRegistrationNode * pRN=0x000a4e00, void * pContext=0x000a3f00, void * pDC=0x000a3e3c) Line 271	C++	Non-user code. Symbols loaded.
 	ntdll.dll!ExecuteHandler2@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!ExecuteHandler@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Non-user code. Symbols loaded without source information.
 	KernelBase.dll!_RaiseException@16()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!_CxxThrowException(void * pExceptionObject=0x000a4ad0, const _s__ThrowInfo * pThrowInfo=0x64302368) Line 82	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!std::_Throw_Cpp_error(int code=0x00000005) Line 36	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock() Line 61	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::mutex>::scoped_lock<std::mutex>(std::mutex & _Mtx={...}) Line 508	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::TrapManager::trap_handler(_EXCEPTION_POINTERS * exp=0x000a4e28) Line 1378	C++	Symbols loaded.
...
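Both traces in this thread have the same shape: the hook's own bookkeeping (a std::recursive_mutex in InlineHook::stdcall, a std::mutex in TrapManager::trap_handler) calls into the CRT, and the CRT calls the very function that was hooked (mtx_do_lock reaches AcquireSRWLockExclusive; throwing resource_deadlock_would_occur from the mutex reaches GetProcAddress via __vcrt_getptd). The constructed model below is an added example, not safetyhook's code: it stands in real hooks with a swappable function pointer and reproduces the loop, then shows the two changes that break it, a spinlock that touches only one atomic on the call-original path (the fix cursey proposes) and a thread-local re-entry flag on the handler path. SrwLock, CrtMutex, g_acquire, kRecursionLimit and the other names are invented for the demo.

```cpp
#include <atomic>

// Constructed stand-in for the OS lock primitive (AcquireSRWLockExclusive).
// It only counts acquisitions so the demo cannot deadlock; real code blocks.
struct SrwLock { int acquisitions = 0; };
static void real_acquire(SrwLock* l) { ++l->acquisitions; }

// Callers reach the primitive through this pointer; swapping it models
// installing an inline hook on the function.
using AcquireFn = void (*)(SrwLock*);
static AcquireFn g_acquire = real_acquire;
static AcquireFn g_original = real_acquire;   // what the trampoline would call

// Stand-in for the CRT's std::recursive_mutex: in the trace above,
// mtx_do_lock bottoms out in the very primitive that was hooked.
struct CrtMutex {
    SrwLock inner;
    void lock()   { g_acquire(&inner); }      // goes through the hook
    void unlock() {}
};

// Depth bookkeeping so the bad variant reports how deep it re-entered
// instead of overflowing the stack.
constexpr int kRecursionLimit = 16;
static thread_local int g_depth = 0;
static int g_max_depth = 0;
struct DepthScope {
    DepthScope()  { if (++g_depth > g_max_depth) g_max_depth = g_depth; }
    ~DepthScope() { --g_depth; }
};

// Variant A, the reported behaviour: the hook's call-original path takes a
// CRT mutex, and the mutex re-enters the hooked primitive.
static CrtMutex g_crt_mutex;
static void custom_acquire_bad(SrwLock* l) {
    DepthScope scope;
    if (g_depth > kRecursionLimit) return;    // demo-only bail-out
    g_crt_mutex.lock();                       // -> g_acquire -> custom_acquire_bad ...
    AcquireFn orig = g_original;
    g_crt_mutex.unlock();
    orig(l);
}

// Variant B, the proposed fix: a spinlock on a single atomic. It makes no
// CRT or OS call, so it cannot re-enter the hooked function.
class HookSpinLock {
    std::atomic<bool> locked_{false};
public:
    void lock() noexcept   { while (locked_.exchange(true, std::memory_order_acquire)) {} }
    void unlock() noexcept { locked_.store(false, std::memory_order_release); }
};
static HookSpinLock g_spin;
static void custom_acquire_fixed(SrwLock* l) {
    DepthScope scope;
    g_spin.lock();
    AcquireFn orig = g_original;
    g_spin.unlock();
    orig(l);
}

// Install a hook, call the primitive once as any program would, unhook, and
// report the deepest re-entry observed.
static int run_with_hook(AcquireFn hook, SrwLock* user_lock) {
    g_max_depth = 0;
    g_acquire = hook;
    g_acquire(user_lock);
    g_acquire = real_acquire;
    return g_max_depth;
}
int depth_with_crt_mutex() { SrwLock l; return run_with_hook(custom_acquire_bad, &l); }
int depth_with_spinlock()  { SrwLock l; return run_with_hook(custom_acquire_fixed, &l); }

// The GetProcAddress trace shows the other face of the problem: a vectored
// handler re-entered on the same thread cannot take any lock, spin or mutex,
// without deadlocking on itself. A thread-local flag lets the nested
// invocation decline (EXCEPTION_CONTINUE_SEARCH in real code) instead.
static thread_local bool g_in_handler = false;
static int g_nested_declined = 0;
static void model_trap_handler(int nested_faults) {
    if (g_in_handler) { ++g_nested_declined; return; }
    g_in_handler = true;
    g_spin.lock();
    if (nested_faults > 0) model_trap_handler(nested_faults - 1);  // fault raised while handling
    g_spin.unlock();
    g_in_handler = false;
}
int nested_handler_calls_declined(int nested_faults) {
    g_nested_declined = 0;
    model_trap_handler(nested_faults);
    return g_nested_declined;
}
```

Two caveats for the real implementation. The spinlock only helps if std::atomic<bool> is lock-free on the target (check is_always_lock_free); where the library falls back to an internal lock the CRT is back in the path. And a spinlock on its own does not fix the trap handler: the same thread re-entering the handler would spin on itself forever, which is why the handler path needs the re-entry flag in addition to, not instead of, a CRT-free lock. The trace also shows that merely throwing a C++ exception in the debug CRT calls GetProcAddress, so the handler must not throw either.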
