Exetools  

Go Back   Exetools > General > Source Code
Reload this Page Delphi threading problem
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 04-28-2020, 10:51
phroyt phroyt is offline
Friend
  
Join Date: May 2018
Posts: 77
Rept. Given: 0
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 35
Thanks Rcvd at 106 Times in 40 Posts
phroyt Reputation: 8
Red face
More I program in Delphi, less I know.

My DLL uses the code below to hook the target .EXE functions:

Code:
library blablabla;

uses
  System.SysUtils,
  System.Classes,
  System.Types,
  AnsiStrings,
  Windows,
  CPUID in 'DDetours\Source\CPUID.pas',
  DDetours in 'DDetours\Source\DDetours.pas',
  InstDecode in 'DDetours\Source\InstDecode.pas';

{$R *.res}

///////////////////
// DLLMain
//////////////////
procedure DllInit(Reason: DWord); stdcall;
begin
  case Reason of
    DLL_PROCESS_ATTACH: begin
      if (Pos('target', ParamStr(0)) > 0) then
      begin
        //Hooks
        @TrampolineCreateFileA := InterceptCreate(@CreateFileA, @CreateFileA_Hooked);
        @TrampolineDeviceIoControl := InterceptCreate(@DeviceIoControl, @DeviceIoControl_Hooked);
      end;

    end; {= DLL_PROCESS_ATTACH =}

    DLL_PROCESS_DETACH: begin
      InterceptRemove(@CreateFileA);
      InterceptRemove(@DeviceIoControl);
    end; {= DLL_PROCESS_DETACH =}
  end;
end;

begin
  DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.
The target .EXE run very well, until it tries to create a thread.
A crash is throw inside ntdll.dll code callstack:

Code:
:8d575653 
:77d196de ; 
:77d19658 ntdll.RtlInitializeCriticalSection + 0x88
:77cf2b06 ; 
:77cf2a2c ntdll.RtlExitUserThread + 0x4c
:75906a1b KERNEL32.BaseThreadInitThunk + 0x2b
:77d2ad8f ntdll.RtlInitializeExceptionChain + 0x8f
:77d2ad5a ntdll.RtlInitializeExceptionChain + 0x5a
I don't know what the hell is going on.
But in a blind shot, I commented out the DLLProc line and voilá

Code:
begin
  //DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.
The codes sent to DLLProc doesn't make sense either:

DLLInit: 0x00000001 => DLL_PROCESS_ATTACH
DLLInit: 0x6CBE2728
DLLInit: 0x6D992728
DLLInit: 0x064DBC38


By the way, it solves my problem.

Thanks Sir.
Last edited by phroyt; 04-28-2020 at 10:52. Reason: Thanks
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
OllyDbg is not good at supporting breakpoints in multi-threading environment BlackWhite General Discussion 6 08-10-2017 20:43
Keygenning With Delphi: Useful Delphi Functions and Tips chessgod101 General Discussion 5 01-05-2015 23:02
Delphi Encryption Compendium v3.0 Problem winndy General Discussion 1 02-18-2006 10:12
Modifying Kernel Mode Driver for Hyper Threading aldente General Discussion 8 08-13-2004 10:11


All times are GMT +8. The time now is 21:32.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )