[PR #63] Crashes when attempting to hook LoadLibraryExW #70

Open
praydog opened this issue Apr 7, 2024 · 4 comments

Comments

@praydog (Collaborator)

praydog commented Apr 7, 2024

Will update with more info. At first glance it looks like an exception occurs inside trap_threads, causing a nested acquisition of the trap mutex.

@ThirteenAG

There's also a recursion when hooking AcquireSRWLockExclusive, which, I don't know, probably nothing can be done about?

```cpp
#include <Windows.h>
#include <safetyhook.hpp>

// Hook object; create_inline fills it in once the inline hook is installed.
safetyhook::InlineHook shAcquireSRWLockExclusive;

// Replacement function: only forwards to the original through the hook's trampoline.
void WINAPI CustomAcquireSRWLockExclusive(PSRWLOCK SRWLock)
{
    return shAcquireSRWLockExclusive.stdcall<void>(SRWLock);
}
...
shAcquireSRWLockExclusive = safetyhook::create_inline(AcquireSRWLockExclusive, CustomAcquireSRWLockExclusive);
```
```
>	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::stdcall<void,_RTL_SRWLOCK *>(_RTL_SRWLOCK * <args_0>)	C++	Symbols loaded.
 	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::stdcall<void,_RTL_SRWLOCK *>(_RTL_SRWLOCK * <args_0>)	C++	Symbols loaded.
 	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::stdcall<void,_RTL_SRWLOCK *>(_RTL_SRWLOCK * <args_0>)	C++	Symbols loaded.
 	dinput8.dll!CustomAcquireSRWLockExclusive(_RTL_SRWLOCK * SRWLock)	C++	Symbols loaded.
 	msvcp140d.dll!mtx_do_lock(_Mtx_internal_imp_t * mtx, const _timespec64 * target)	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!_Mtx_lock(_Mtx_internal_imp_t * mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock()	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::recursive_mutex>::scoped_lock<std::recursive_mutex>(std::recursive_mutex & _Mtx)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::destroy()	C++	Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::operator=(safetyhook::InlineHook && other)	C++	Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::InlineHook(safetyhook::InlineHook && other)	C++	Symbols loaded.
 	dinput8.dll!std::expected<safetyhook::InlineHook,safetyhook::InlineHook::Error>::expected<safetyhook::InlineHook,safetyhook::InlineHook::Error><safetyhook::InlineHook>(safetyhook::InlineHook && _Other)	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::InlineHook::create(const std::shared_ptr<safetyhook::Allocator> & allocator, void * target, void * destination)	C++	Symbols loaded.
```

As for the LoadLibraryExW crash, I tried to repro it but couldn't.

@cursey (Owner)

cursey commented Apr 9, 2024

> There's also a recursion when hooking AcquireSRWLockExclusive, which, I don't know, probably nothing can be done about?

I might be able to code around this issue actually using a spinlock or something instead.

@ThirteenAG

> I might be able to code around this issue actually using a spinlock or something instead.

I was able to repro with GetProcAddress also:

```cpp
shGetProcAddress = safetyhook::create_inline(GetProcAddress, CustomGetProcAddress);
```

```
 	kernel32.dll!_GetProcAddressStub@8()	Unknown	Symbols loaded.
 	vcruntime140d.dll!try_get_proc_address_from_first_available_module(const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 183	C++	Symbols loaded.
 	vcruntime140d.dll!try_get_function(const `anonymous-namespace'::function_id id=FlsGetValue_id, const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 211	C++	Symbols loaded.
 	vcruntime140d.dll!try_get_FlsGetValue() Line 254	C++	Symbols loaded.
 	vcruntime140d.dll!__vcrt_FlsGetValue(unsigned long fls_index=0x0000000a) Line 281	C++	Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd_noexit() Line 111	C++	Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd() Line 163	C++	Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandler<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a1318, EHRegistrationNode * pRN=0x000a2268, _CONTEXT * pContext=0x000a1368, void * pDC=0x000a12a4, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 303	C++	Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandlerWrapper<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a1318, EHRegistrationNode * pRN=0x000a2268, _CONTEXT * pContext=0x000a1368, void * pDC=0x000a12a4, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 252	C++	Symbols loaded.
>	vcruntime140d.dll!__CxxFrameHandler3(EHExceptionRecord * pExcept=0x000a1318, EHRegistrationNode * pRN=0x000a2268, void * pContext=0x000a1368, void * pDC=0x000a12a4) Line 271	C++	Symbols loaded.
 	ntdll.dll!ExecuteHandler2@20()	Unknown	Symbols loaded.
 	ntdll.dll!ExecuteHandler@20()	Unknown	Symbols loaded.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Symbols loaded.
 	KernelBase.dll!_RaiseException@16()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!_CxxThrowException(void * pExceptionObject=0x000a1f38, const _s__ThrowInfo * pThrowInfo=0x64302368) Line 82	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!std::_Throw_Cpp_error(int code=0x00000005) Line 36	C++	Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock() Line 61	C++	Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::mutex>::scoped_lock<std::mutex>(std::mutex & _Mtx={...}) Line 508	C++	Symbols loaded.
 	dinput8.dll!safetyhook::TrapManager::trap_handler(_EXCEPTION_POINTERS * exp=0x000a2290) Line 1378	C++	Symbols loaded.
 	ntdll.dll!_RtlpCallVectoredHandlers@12()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!RtlDispatchException()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Non-user code. Symbols loaded without source information.
 	kernel32.dll!_GetProcAddressStub@8()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!try_get_proc_address_from_first_available_module(const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 183	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_function(const `anonymous-namespace'::function_id id=FlsGetValue_id, const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 211	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_FlsGetValue() Line 254	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_FlsGetValue(unsigned long fls_index=0x0000000a) Line 281	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd_noexit() Line 111	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd() Line 163	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandler<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3114, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3164, void * pDC=0x000a309c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 303	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandlerWrapper<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3114, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3164, void * pDC=0x000a309c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 252	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__CxxFrameHandler3(EHExceptionRecord * pExcept=0x000a3114, EHRegistrationNode * pRN=0x000a4e00, void * pContext=0x000a3164, void * pDC=0x000a309c) Line 271	C++	Non-user code. Symbols loaded.
 	ntdll.dll!ExecuteHandler2@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!ExecuteHandler@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Non-user code. Symbols loaded without source information.
 	kernel32.dll!_GetProcAddressStub@8()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!try_get_proc_address_from_first_available_module(const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 183	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_function(const `anonymous-namespace'::function_id id=FlsGetValue_id, const char * const name=0x6ca41890, const `anonymous-namespace'::module_id * const first_module_id=0x6ca41888, const `anonymous-namespace'::module_id * const last_module_id=0x6ca41890) Line 211	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!try_get_FlsGetValue() Line 254	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_FlsGetValue(unsigned long fls_index=0x0000000a) Line 281	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd_noexit() Line 111	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__vcrt_getptd() Line 163	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandler<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3eb0, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3f00, void * pDC=0x000a3e3c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 303	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__InternalCxxFrameHandlerWrapper<__FrameHandler3>(EHExceptionRecord * pExcept=0x000a3eb0, EHRegistrationNode * pRN=0x000a4e00, _CONTEXT * pContext=0x000a3f00, void * pDC=0x000a3e3c, const _s_FuncInfo * pFuncInfo=0x5e42b140, int CatchDepth=0x00000000, EHRegistrationNode * pMarkerRN=0x00000000, unsigned char recursive='\0') Line 252	C++	Non-user code. Symbols loaded.
 	vcruntime140d.dll!__CxxFrameHandler3(EHExceptionRecord * pExcept=0x000a3eb0, EHRegistrationNode * pRN=0x000a4e00, void * pContext=0x000a3f00, void * pDC=0x000a3e3c) Line 271	C++	Non-user code. Symbols loaded.
 	ntdll.dll!ExecuteHandler2@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!ExecuteHandler@20()	Unknown	Non-user code. Symbols loaded without source information.
 	ntdll.dll!_KiUserExceptionDispatcher@8()	Unknown	Non-user code. Symbols loaded without source information.
 	KernelBase.dll!_RaiseException@16()	Unknown	Non-user code. Symbols loaded without source information.
 	vcruntime140d.dll!_CxxThrowException(void * pExceptionObject=0x000a4ad0, const _s__ThrowInfo * pThrowInfo=0x64302368) Line 82	C++	Non-user code. Symbols loaded.
 	msvcp140d.dll!std::_Throw_Cpp_error(int code=0x00000005) Line 36	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::_Mutex_base::lock() Line 61	C++	Non-user code. Symbols loaded.
 	dinput8.dll!std::scoped_lock<std::mutex>::scoped_lock<std::mutex>(std::mutex & _Mtx={...}) Line 508	C++	Non-user code. Symbols loaded.
 	dinput8.dll!safetyhook::TrapManager::trap_handler(_EXCEPTION_POINTERS * exp=0x000a4e28) Line 1378	C++	Symbols loaded.
...
```
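An added example that models the cycle visible in both traces above; it is not SafetyHook code and not code from anyone in this thread. `OsMutex`, `SpinLock`, `g_acquire_lock`, `run_with_hook` and `kDepthLimit` are invented stand-ins: `g_acquire_lock` plays the patched entry point, and `OsMutex` plays an STL mutex whose `lock()` is built on the same OS routine that was hooked, which is what the first trace shows when `std::recursive_mutex` inside `InlineHook::stdcall` ends up calling the hooked `AcquireSRWLockExclusive`. The unguarded hook recurses until the stand-in depth limit trips (in the real process that is the stack overflow). The guarded hook applies the spinlock idea from the reply above, plus a `thread_local` flag so that a re-entrant call on the same thread is forwarded straight to the original: its critical section never calls a hookable OS lock and never throws.

```cpp
#include <atomic>
#include <cstdio>
#include <stdexcept>
#include <thread>

// Constructed model (added example, not SafetyHook code) of the cycle in the
// traces above: the hook's own synchronisation goes through the very OS
// routine that was hooked, so every lock() re-enters the hook.

using LockFn = void (*)(void*);

// Stand-in for the unhooked OS primitive (AcquireSRWLockExclusive in the trace).
static void os_acquire_lock(void* /*lock*/) {}

// Stand-in for the patched entry point: once "hooked", calls land here first.
static LockFn g_acquire_lock = os_acquire_lock;

// A mutex whose lock() is built on the hookable OS routine, the way the MSVC
// STL mutexes are built on SRW locks.
struct OsMutex {
    void lock() { g_acquire_lock(this); }
    void unlock() {}
};

static OsMutex g_hook_mutex;             // the hook's own lock (the bad choice)
static int g_depth = 0;                  // current hook nesting on this thread
static int g_max_depth = 0;              // deepest nesting observed
static constexpr int kDepthLimit = 32;   // stand-in for the real stack overflow

// (1) No re-entrancy guard: g_hook_mutex.lock() calls g_acquire_lock, which is
// this function again, so the recursion is unbounded.
static void hooked_acquire_unguarded(void* lock) {
    if (++g_depth > g_max_depth) g_max_depth = g_depth;
    if (g_depth > kDepthLimit) throw std::runtime_error("stack overflow stand-in");
    g_hook_mutex.lock();                 // re-enters this hook on the same thread
    os_acquire_lock(lock);               // forward to the "original"
    g_hook_mutex.unlock();
    --g_depth;
}

// (2) Guarded: a thread_local flag sends re-entrant calls straight to the
// original, and cross-thread exclusion is a spinlock on std::atomic, which
// never touches an OS lock and never throws.
struct SpinLock {
    std::atomic<bool> locked{false};
    void lock() {
        while (locked.exchange(true, std::memory_order_acquire)) std::this_thread::yield();
    }
    void unlock() { locked.store(false, std::memory_order_release); }
};
static SpinLock g_spin;
static thread_local bool t_in_hook = false;

static void hooked_acquire_guarded(void* lock) {
    if (++g_depth > g_max_depth) g_max_depth = g_depth;
    if (t_in_hook) {                     // re-entered from our own critical section
        os_acquire_lock(lock);           // bypass all hook bookkeeping
        --g_depth;
        return;
    }
    t_in_hook = true;
    g_spin.lock();
    g_hook_mutex.lock();                 // still re-enters the hook; the guard short-circuits it
    os_acquire_lock(lock);
    g_hook_mutex.unlock();
    g_spin.unlock();
    t_in_hook = false;
    --g_depth;
}

// Install `hook`, call the "API" once, and return the deepest nesting seen,
// or -1 if the call blew past kDepthLimit.
static int run_with_hook(LockFn hook) {
    g_depth = 0;
    g_max_depth = 0;
    g_acquire_lock = hook;
    int result;
    try {
        int dummy_lock = 0;
        g_acquire_lock(&dummy_lock);
        result = g_max_depth;
    } catch (const std::runtime_error&) {
        result = -1;
    }
    g_acquire_lock = os_acquire_lock;    // unhook
    g_depth = 0;
    t_in_hook = false;
    return result;
}

int main() {
    std::printf("unguarded: %d (expect -1)\n", run_with_hook(hooked_acquire_unguarded));
    std::printf("guarded:   %d (expect 2)\n", run_with_hook(hooked_acquire_guarded));
    return 0;
}
```

The second trace is the same cycle one level up. MSVC's `std::mutex` throws `resource_deadlock_would_occur` (that is what `_Throw_Cpp_error(5)` maps to) when the owning thread locks it a second time, and the C++ throw path calls `GetProcAddress` to resolve `FlsGetValue`; with `GetProcAddress` hooked through a trap, that call raises the trap exception again and `trap_handler` is entered before its first invocation has returned. Checking a per-thread guard before taking the lock in the handler closes that path in the same way; that is my reading of the traces, not a fix the project has stated.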

@BruhRain

BruhRain commented Dec 7, 2024

I get the same issue hooking NtMapViewOfSection.
