Exetools  

#1  04-26-2020, 14:07
phroyt (Friend)
 
Delphi threading problem

I have an executable that was written in Delphi 2007.
My DLL is written in Delphi 10.2.

I'm using Delphi Detours Library to hook some functions.

Everything was fine when an old DLL was used.

But, I don't know why, now the target is throwing Access Violations when it tries to create a thread.

After some deep digging, I found that any call from BeginThread to Windows CreateThread is throwing an Access Violation.

It is something about SysInit ThreadWrapper.

Can anyone give me some light?
#2  04-27-2020, 06:40
chessgod101 (Co-Administrator)
 
Make sure you are using the correct calling convention for your thread function. If you are using BeginThread, you cannot define the function as a STDCALL. BeginThread is basically a workaround for your thread function to use the Delphi calling convention. My personal suggestion and preference for x86 is to use the standard WinAPI CreateThread and define your thread function as follows.

Function MyThreadFunction(p:Pointer):Cardinal; STDCALL;
Begin
//dostuff
Result:=0;
End;
__________________
"Real knowledge is to know the extent of one's ignorance." Confucius
#3  04-28-2020, 10:51
phroyt (Friend)
 

The more I program in Delphi, the less I know.

My DLL uses the code below to hook the target .EXE functions:

Code:
library blablabla;

uses
  System.SysUtils,
  System.Classes,
  System.Types,
  AnsiStrings,
  Windows,
  CPUID in 'DDetours\Source\CPUID.pas',
  DDetours in 'DDetours\Source\DDetours.pas',
  InstDecode in 'DDetours\Source\InstDecode.pas';

{$R *.res}

///////////////////
// DLLMain
//////////////////
procedure DllInit(Reason: DWord); stdcall;
begin
  case Reason of
    DLL_PROCESS_ATTACH: begin
      if (Pos('target', ParamStr(0)) > 0) then
      begin
        //Hooks
        @TrampolineCreateFileA := InterceptCreate(@CreateFileA, @CreateFileA_Hooked);
        @TrampolineDeviceIoControl := InterceptCreate(@DeviceIoControl, @DeviceIoControl_Hooked);
      end;

    end; {= DLL_PROCESS_ATTACH =}

    DLL_PROCESS_DETACH: begin
      InterceptRemove(@CreateFileA);
      InterceptRemove(@DeviceIoControl);
    end; {= DLL_PROCESS_DETACH =}
  end;
end;

begin
  DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.
The target .EXE runs very well, until it tries to create a thread.
A crash is thrown inside ntdll.dll; the call stack:

Code:
:8d575653 
:77d196de ; 
:77d19658 ntdll.RtlInitializeCriticalSection + 0x88
:77cf2b06 ; 
:77cf2a2c ntdll.RtlExitUserThread + 0x4c
:75906a1b KERNEL32.BaseThreadInitThunk + 0x2b
:77d2ad8f ntdll.RtlInitializeExceptionChain + 0x8f
:77d2ad5a ntdll.RtlInitializeExceptionChain + 0x5a
I don't know what the hell is going on.
But in a blind shot, I commented out the DLLProc line and voilà:

Code:
begin
  //DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.
The codes sent to DLLProc don't make sense either:

DLLInit: 0x00000001 => DLL_PROCESS_ATTACH
DLLInit: 0x6CBE2728
DLLInit: 0x6D992728
DLLInit: 0x064DBC38


By the way, it solves my problem.

Thanks Sir.

#4  05-01-2020, 16:11
TQN (VIP)
 
Yes, a conflict/bug in the DllEntryPoint function of your Delphi code.
When a thread is created, the system will call the DllEntryPoint function with the param DLL_THREAD_ATTACHED.
#5  05-03-2020, 07:51
phroyt (Friend)
 

That's the point.

I always thought it worked like this.

But unknown codes are sent:

Code:
DLLInit: 0x00000001 => DLL_PROCESS_ATTACH
DLLInit: 0x6CBE2728
DLLInit: 0x6D992728
DLLInit: 0x064DBC38
The normal values are:
Code:
  DLL_PROCESS_ATTACH = 1;
  {$EXTERNALSYM DLL_PROCESS_ATTACH}
  DLL_THREAD_ATTACH = 2;
  {$EXTERNALSYM DLL_THREAD_ATTACH}
  DLL_THREAD_DETACH = 3;
  {$EXTERNALSYM DLL_THREAD_DETACH}
  DLL_PROCESS_DETACH = 0;
  {$EXTERNALSYM DLL_PROCESS_DETACH}
The first one (DLL_PROCESS_ATTACH) is called by myself in the BEGIN section.

Code:
begin
  //DLLProc := TDLLProc(@DllInit);
  DllInit(DLL_PROCESS_ATTACH);
end.
I tested moving this code to a unit initialization section and it works like a charm too.

Like you said, probably a DLLProc erratic behavior.

Thanks
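To make the calling-convention point from #2 and the DLL_THREAD_ATTACH point from #4 concrete, here is a minimal Delphi library written as an added example (it is not code from this thread, from DDetours, or from Embarcadero). Its handler has the exact signature System.TDLLProc expects, logs every reason the loader delivers, and deliberately leaves out the CreateFileA/DeviceIoControl hooks; the names DllProcDemo and DllEntryHandler are made up.

```delphi
library DllProcDemo;

uses
  Winapi.Windows,
  System.SysUtils;

// System.TDLLProc is declared as  procedure(Reason: Integer);  with the
// default Delphi register convention, so the RTL passes Reason in EAX.
// If this handler were declared 'stdcall' (as the thread's DllInit was),
// it would read Reason from the stack instead (garbage like 0x6CBE2728)
// and then pop 4 extra bytes on return, corrupting the RTL caller's stack
// the first time a new thread triggers DLL_THREAD_ATTACH.
procedure DllEntryHandler(Reason: Integer);
var
  Name: string;
begin
  case Reason of
    DLL_PROCESS_ATTACH: Name := 'DLL_PROCESS_ATTACH';
    DLL_THREAD_ATTACH:  Name := 'DLL_THREAD_ATTACH';   // runs on the new thread
    DLL_THREAD_DETACH:  Name := 'DLL_THREAD_DETACH';   // runs on the exiting thread
    DLL_PROCESS_DETACH: Name := 'DLL_PROCESS_DETACH';
  else
    Name := 'unexpected';  // never observed once the convention matches
  end;

  // The loader lock is held while this runs: keep the body short and do
  // not load other DLLs or wait on other threads here.
  OutputDebugString(PChar(Format('DllEntryHandler: reason %d (%s) on thread %u',
    [Reason, Name, GetCurrentThreadId])));
end;

begin
  // The library's begin..end block itself runs during DLL_PROCESS_ATTACH,
  // so the RTL never forwards that reason to DLLProc. Call the handler once
  // by hand (as #3 and #5 do), then register it; the RTL will forward the
  // remaining three reasons, including one DLL_THREAD_ATTACH per new thread.
  DllEntryHandler(DLL_PROCESS_ATTACH);
  DLLProc := @DllEntryHandler;
end.
```

Load the DLL into a process that spawns threads and watch the debug output: with the register-convention signature every call reports a value in the 0..3 range and thread creation no longer faults.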
#6  05-05-2020, 13:03
TQN (VIP)
 
You can refer to two documents:
1. http://docs.embarcadero.com/products/rad_studio/delphiAndcpp2009/HelpUpdate2/EN/html/delphivclwin32/System_DLLProc.html
2. https://www.delphipraxis.net/47406-dll-entry-function.html
Best regards,