C++ / C#
xuvohocan, 2014-09-15 00:02:36

Problem with executing an injected DLL?

There is code that uses the MinHook library. After the injection, a situation arises where the DLL is executed and immediately closed, i.e. the message (in this case) "return TRUE" is displayed and it doesn't get to the hook of the function and writing the data. Does anyone know what's the matter? Here is the listing:

// dllmain.cpp: defines the entry point for the DLL application.
#include "stdafx.h"
#include <Windows.h>
#include "MinHook.h"
#include "WinInet.h"
#include <fstream>

using namespace std;

typedef int (WINAPI *HttpOpeRequest)(HINTERNET hConnect, LPCWSTR lpszVerb, LPCWSTR lpszObjectName,
  LPCWSTR lpszVersion, LPCWSTR lpszReferrer, LPCWSTR FAR * lplpszAcceptTypes, DWORD dwFlags, DWORD_PTR dwContext);

HttpOpeRequest tHttpOpenRequest = NULL;

void wrightFunck(HINTERNET, LPCWSTR, LPCWSTR ,
  LPCWSTR, LPCWSTR, LPCWSTR FAR *, DWORD, DWORD_PTR);

int WINAPI fHttpOpenRequestW(HINTERNET hConnect, LPCWSTR lpszVerb, LPCWSTR lpszObjectName,
  LPCWSTR lpszVersion, LPCWSTR lpszReferrer, LPCWSTR FAR * lplpszAcceptTypes, DWORD dwFlags, DWORD_PTR dwContext)
{
  wrightFunck(hConnect, lpszVerb, lpszObjectName, lpszVersion,
    lpszReferrer, lplpszAcceptTypes, dwFlags, dwContext);
  return tHttpOpenRequest(hConnect, lpszVerb, lpszObjectName,
    lpszVersion, lpszReferrer, lplpszAcceptTypes, dwFlags, dwContext);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
           )
{

  switch (ul_reason_for_call)
  {
    while (DLL_PROCESS_ATTACH)
    {
    
  case DLL_PROCESS_ATTACH:
    if (MH_Initialize() != MH_OK)
    {
      return 1;
    }
    if (MH_CreateHook(&HttpOpenRequest, &fHttpOpenRequestW,
      reinterpret_cast<void**>(&tHttpOpenRequest)) != MH_OK)
    {
      return 1;
    }
    if (MH_EnableHook(&HttpOpenRequest) != MH_OK)
    {
      return 1;
    }
  }
  }
  MessageBox(NULL, (const wchar_t*)L"return TRUE", (const wchar_t*)L"All right", MB_OK);
  return TRUE;
}

void wrightFunck(HINTERNET hConnect, LPCWSTR lpszVerb, LPCWSTR lpszObjectName,
  LPCWSTR lpszVersion, LPCWSTR lpszReferrer, LPCWSTR FAR * lplpszAcceptTypes, DWORD dwFlags, DWORD_PTR dwContext)
{
  MessageBox(NULL, (const wchar_t*)L"Wright fuck fucking go!!!", (const wchar_t*)L"All right", MB_OK);
  ofstream output("C:\\Data.txt", ios::out || ios::app);
  if (lpszVerb == (LPCWSTR) "POST")
  {
  
  output << hConnect << "\t" << lpszVerb << "\t" << lpszObjectName << "\t"
    << lpszVersion << "\t" << lpszReferrer << "\t"
    << lplpszAcceptTypes << "\t" << dwContext
    << "\n";
  }
  output.close();
}


3 answer(s)
Einherjar, 2014-09-15
@xuvohocan

What does "the DLL immediately closes" mean? A DLL cannot "immediately close"; it is unloaded only when the process unloads it. Do you immediately get DllMain with the DLL_PROCESS_DETACH parameter, or what? If you have already removed this clumsy loop, then you should receive the message "return TRUE" immediately, that's right. And it will only get to the data-writing hook when your process calls HttpOpenRequestW, provided, of course, that all the specified hook installation functions worked fine. DllMain should not run in a loop like WinMain; it is called on load, where everything that needs initializing is initialized, and it returns; on unload, all resources are freed there, and it returns as well. The DLL, with all its data and code, stays in the process memory between these two events.

jcmvbkbc, 2014-09-15
@jcmvbkbc

You have something strange (infinite loop) written here:
what do you mean?

Dmitry, 2014-09-15
@TrueBers

I don't know what kind of crazy code you brought up, but a typical mistake behind a DLL unloading immediately after loading is forgetting to break out of the case after receiving DLL_PROCESS_ATTACH or DLL_THREAD_ATTACH:

switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
  break;
case DLL_THREAD_ATTACH:
  break;
case DLL_THREAD_DETACH:
  break;
case DLL_PROCESS_DETACH:
  break;
}
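
An added example, not part of the thread: a portable C model that traces which statements run for each call reason, once with the control flow of the question's DllMain (a case label inside a while loop inside the switch) and once with the one-case-per-reason layout. The stub MH_Initialize_stub, the trace strings and the function names are constructed for this sketch; the stub only models the assumption that a second initialization call reports an error.

```c
#include <stdio.h>
#include <string.h>

/* Reason codes as in <Windows.h>; the status codes and stub are constructed. */
enum { DLL_PROCESS_DETACH = 0, DLL_PROCESS_ATTACH = 1, DLL_THREAD_ATTACH = 2 };
enum { MH_OK = 0, MH_ERROR_ALREADY_INITIALIZED = 1 };

static int mh_ready;        /* models the library's "already initialized" state */
static char trace[128];     /* records which statements executed */

static int MH_Initialize_stub(void) {
    if (mh_ready) return MH_ERROR_ALREADY_INITIALIZED;
    mh_ready = 1;
    return MH_OK;
}
static void note(const char *s) { strcat(trace, s); strcat(trace, ";"); }

/* Control flow of the question's DllMain. */
const char *question_flow(int reason) {
    trace[0] = '\0';
    switch (reason) {
        while (DLL_PROCESS_ATTACH) {   /* constant 1: the loop never ends by itself */
    case DLL_PROCESS_ATTACH:           /* the switch jumps straight into the body */
            if (MH_Initialize_stub() != MH_OK) { note("early-return"); return trace; }
            note("hook-setup");
        }                              /* second pass re-runs the initialization */
    }
    note("messagebox");                /* reached only when no case matched */
    return trace;
}

/* Layout from the last answer: each reason has its own case ending in break. */
const char *fixed_flow(int reason) {
    trace[0] = '\0';
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        if (MH_Initialize_stub() != MH_OK) { note("early-return"); return trace; }
        note("hook-setup");
        break;
    default: break;
    }
    note("messagebox");
    return trace;
}

int main(void) {
    printf("question PROCESS_ATTACH: %s\n", question_flow(DLL_PROCESS_ATTACH));
    printf("question THREAD_ATTACH:  %s\n", question_flow(DLL_THREAD_ATTACH));
    mh_ready = 0;
    printf("fixed PROCESS_ATTACH:    %s\n", fixed_flow(DLL_PROCESS_ATTACH));
    return 0;
}
```

In this model the loop version leaves through the error branch on its second pass for DLL_PROCESS_ATTACH, and the code after the switch runs only for reasons that match no case.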
