Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   Delphi threading problem (https://forum.exetools.com/showthread.php?t=19505)

phroyt 04-26-2020 14:07

Delphi threading problem
 
I have an executable that was written in Delphi 2007.
My DLL is written in Delphi 10.2

I'm using Delphi Detours Library to hook some functions.

Everything was fine when an old DLL was used.

But, I don't know why, now the target is throwing Access Violations when it tries to create a thread.

After some deep digging, I found that any call from BeginThread to Windows CreateThread throws an Access Violation.

It is something about SysInit ThreadWrapper.

Can anyone give me some light?

chessgod101 04-27-2020 06:40

Make sure you are using the correct calling convention for your thread function. If you are using BeginThread, you cannot define the function as a STDCALL. BeginThread is basically a workaround for your thread function to use the Delphi calling convention. My personal suggestion and preference for x86 is to use the standard WinAPI CreateThread and define your thread function as follows.

function MyThreadFunction(p: Pointer): Cardinal; stdcall;
begin
  // do stuff
  Result := 0;
end;
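The two routes described above side by side, as an added example (not chessgod101's code): BeginThread takes a TThreadFunc, which the RTL declares as function(Parameter: Pointer): Integer with the default register convention, while CreateThread calls its start routine as stdcall. The parameter value and the program name are constructed for the example.

```pascal
program ThreadConventions;

{$APPTYPE CONSOLE}

uses
  Winapi.Windows,
  System.SysUtils;

// Thread body for BeginThread: TThreadFunc is declared by the RTL as
// function(Parameter: Pointer): Integer with the default (register)
// convention, so no stdcall here.
function RtlThreadBody(Parameter: Pointer): Integer;
begin
  Writeln('BeginThread worker got parameter ', PInteger(Parameter)^);
  Result := 0;
end;

// Thread body for the raw Win32 API: kernel32 calls it as stdcall with a
// DWORD result. Declaring it with the register convention would leave the
// stack unbalanced when the thread returns.
function ApiThreadBody(Parameter: Pointer): DWORD; stdcall;
begin
  Writeln('CreateThread worker got parameter ', PInteger(Parameter)^);
  Result := 0;
end;

var
  Value: Integer = 42;  // constructed sample parameter
  RtlThreadId: TThreadID;
  ApiThreadId: DWORD;
  H: THandle;
begin
  // RTL route: BeginThread also sets IsMultiThread, so the memory manager
  // switches to its thread-safe mode.
  H := BeginThread(nil, 0, RtlThreadBody, @Value, 0, RtlThreadId);
  if H = 0 then
    RaiseLastOSError;
  WaitForSingleObject(H, INFINITE);
  CloseHandle(H);

  // Raw API route: correct only because ApiThreadBody is stdcall.
  H := CreateThread(nil, 0, @ApiThreadBody, @Value, 0, ApiThreadId);
  if H = 0 then
    RaiseLastOSError;
  WaitForSingleObject(H, INFINITE);
  CloseHandle(H);
end.
```

One caveat when taking the CreateThread route in a Delphi module: BeginThread is what sets IsMultiThread to True; a thread created directly through CreateThread does not, so set it yourself before the first such thread touches the Delphi heap.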

phroyt 04-28-2020 10:51

The more I program in Delphi, the less I know. :o

My DLL uses the code below to hook the target .EXE functions:

Code:

library blablabla;

uses
  System.SysUtils,
  System.Classes,
  System.Types,
  AnsiStrings,
  Windows,
  CPUID in 'DDetours\Source\CPUID.pas',
  DDetours in 'DDetours\Source\DDetours.pas',
  InstDecode in 'DDetours\Source\InstDecode.pas';

{$R *.res}

///////////////////
// DLLMain
//////////////////
procedure DllInit(Reason: DWord); stdcall;
begin
  case Reason of
    DLL_PROCESS_ATTACH: begin
      if (Pos('target', ParamStr(0)) > 0) then
      begin
        //Hooks
        @TrampolineCreateFileA := InterceptCreate(@CreateFileA, @CreateFileA_Hooked);
        @TrampolineDeviceIoControl := InterceptCreate(@DeviceIoControl, @DeviceIoControl_Hooked);
      end;

    end; {= DLL_PROCESS_ATTACH =}

    DLL_PROCESS_DETACH: begin
      InterceptRemove(@CreateFileA);
      InterceptRemove(@DeviceIoControl);
    end; {= DLL_PROCESS_DETACH =}
  end;
end;

begin
  // System.TDLLProc is declared as procedure(Reason: Integer) with the
  // default register convention; DllInit above is stdcall.
  DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.

The target .EXE runs very well, until it tries to create a thread.
A crash is thrown inside ntdll.dll; the call stack is:

Code:

:8d575653
:77d196de ;
:77d19658 ntdll.RtlInitializeCriticalSection + 0x88
:77cf2b06 ;
:77cf2a2c ntdll.RtlExitUserThread + 0x4c
:75906a1b KERNEL32.BaseThreadInitThunk + 0x2b
:77d2ad8f ntdll.RtlInitializeExceptionChain + 0x8f
:77d2ad5a ntdll.RtlInitializeExceptionChain + 0x5a

I don't know what the hell is going on.
But in a blind shot, I commented out the DLLProc line and voilà

Code:

begin
  //DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.

The codes sent to DLLProc don't make sense either:

DLLInit: 0x00000001 => DLL_PROCESS_ATTACH
DLLInit: 0x6CBE2728
DLLInit: 0x6D992728
DLLInit: 0x064DBC38


By the way, it solves my problem.

Thanks Sir.

TQN 05-01-2020 16:11

Yes, conflict/bug in the DllEntryPoint function of your Delphi code.
When a thread is created, the system will call the DllEntryPoint function with param DLL_THREAD_ATTACHED

phroyt 05-03-2020 07:51

That's the point.

I always thought it worked like this.

But unknown codes are sent

Code:

DLLInit: 0x00000001 => DLL_PROCESS_ATTACH
DLLInit: 0x6CBE2728
DLLInit: 0x6D992728
DLLInit: 0x064DBC38

The normal values are:
Code:

  DLL_PROCESS_ATTACH = 1;
  {$EXTERNALSYM DLL_PROCESS_ATTACH}
  DLL_THREAD_ATTACH = 2;
  {$EXTERNALSYM DLL_THREAD_ATTACH}
  DLL_THREAD_DETACH = 3;
  {$EXTERNALSYM DLL_THREAD_DETACH}
  DLL_PROCESS_DETACH = 0;
  {$EXTERNALSYM DLL_PROCESS_DETACH}

The first one (DLL_PROCESS_ATTACH) is called by myself in the BEGIN section.

Code:

begin
  //DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.

I tested moving this code to the unit initialization section and it works like a charm too.

Like you said, probably erratic DLLProc behavior.

Thanks
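A library skeleton with a DLLProc handler whose signature matches what the RTL expects, as an added example (not phroyt's DLL and not part of this thread). System.TDLLProc is declared as procedure(Reason: Integer) with the default register convention, so Reason arrives in EAX; a stdcall procedure cast to that type reads its parameter from the stack instead (which yields values that look like stray addresses, as in the log above) and pops 4 bytes the caller never pushed, which is exactly the kind of stack imbalance that surfaces when the loader delivers DLL_THREAD_ATTACH. The library name, the debug-output strings and the handler name are constructed for the example; the DDetours hook installation from the post would sit in the initialization block in the same way.

```pascal
library DllProcDemo;

uses
  Winapi.Windows,
  System.SysUtils;

{$R *.res}

// Matches System.TDLLProc exactly: procedure(Reason: Integer), default
// (register) convention, no stdcall. The RTL's DLL entry point calls this
// for DLL_THREAD_ATTACH, DLL_THREAD_DETACH and DLL_PROCESS_DETACH.
procedure DllHandler(Reason: Integer);
var
  Msg: string;
begin
  case Reason of
    DLL_PROCESS_DETACH: Msg := 'DLL_PROCESS_DETACH';
    DLL_THREAD_ATTACH:  Msg := 'DLL_THREAD_ATTACH';
    DLL_THREAD_DETACH:  Msg := 'DLL_THREAD_DETACH';
  else
    // With the convention mismatch from the thread, every call would land
    // here with an address-like value; with a matching signature it never does.
    Msg := 'unexpected reason 0x' + IntToHex(Reason, 8);
  end;
  OutputDebugString(PChar('DllHandler: ' + Msg));
  // These notifications arrive under the loader lock: keep the work here
  // cheap and avoid anything that loads libraries or waits on other threads.
end;

begin
  // The library's begin..end block already executes during
  // DLL_PROCESS_ATTACH, so attach-time work (hook installation, etc.)
  // belongs here rather than in DllHandler.
  OutputDebugString('DllProcDemo: DLL_PROCESS_ATTACH (initialization block)');

  // Assigning a procedure with the matching signature needs no cast; the
  // compiler rejects a stdcall routine here instead of silently mismatching.
  DLLProc := DllHandler;

  // If per-thread notifications are not needed at all, this Win32 call
  // stops the loader from sending DLL_THREAD_ATTACH/DETACH to this module.
  // DisableThreadLibraryCalls(HInstance);
end.
```

The check that matters when reviewing such code is simply that whatever is assigned to DLLProc compiles without a cast: the cast in the original post is what silenced the compiler's convention check.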

TQN 05-05-2020 13:03

You can refer to two documents:
1. http://docs.embarcadero.com/products/rad_studio/delphiAndcpp2009/HelpUpdate2/EN/html/delphivclwin32/System_DLLProc.html
2. https://www.delphipraxis.net/47406-dll-entry-function.html
Best regards,

