C++ WriteProcessMemory makes MessageBox crash the programm
i want to write a little AntiHack and i have a problem with one part of it. The idea was to prevent from dll injecting by hooking the LdrLoadDll from NTDLL.DLL. I found a function by googling which do this:
// function call: BlockAPI(m_hProc, "NTDLL.DLL", "LdrLoadDll");
bool zProtect::BlockAPI(HANDLE hProcess, char* libName, char* apiName)
{
BYTE pRet[]={ 0x31, 0xC0, // XOR eax, eax
0xC3 }; // RET
HINSTANCE hLib = NULL;
VOID *pAddr = NULL;
bool bRet = FALSE;
DWORD dwRet = 0;
hLib = LoadLibrary(libName);
if(hLib)
{
pAddr = (VOID*)GetProcAddress(hLib, apiName);
if(pAddr)
{
DWORD dwback;
if(!VirtualProtectEx(hProcess, (LPVOID)pAddr, sizeof(pRet), PAGE_EXECUTE_READWRITE, &dwback))
return false;
if(WriteProcessMemory(hProcess, (LPVOID)pAddr, &pRet, sizeof (pRet), &dwRet))
{
if(dwRet)
bRet = TRUE;
}
if(!VirtualProtectEx(hProcess, (LPVOID)pAddr, sizeof(pRet), dwback, &dwback))
return false;
}
FreeLibrary(hLib);
}
return bRet;
}
It's working fine, BUT MessageBox(NULL, msg, "DETECTED", MB_OK); crashes if it is excuted after BlockApi(..);
Ausnahme (erste Chance) bei 0x75312113 (user32.dll) in DLLTester.exe: 0xC0000005: Zugriffsverletzung beim Lesen an Position 0x0000002D Unbehandelte Ausnahme bei 0x75312113 (user32.dll) in DLLTester.exe: 0xC000041D: Ausnahmefehler während eines Benutzerrückrufs
Thanks, lolxdfly
Edit: I found out, that before the crash with the MessageBox happen the previous call is the Sleep(1000); from my detecting thread!
Old Problem (Crash in Release Mode) was fixed!
lolxdfly1 Answer
It is very simple...
Whoever calls LoadLibrary, will crash. Why MessageBox causes loading a DLL? No idea... maybe it wants to load some resource DLL for the icon.
(by Pavel A)
I'll try to replace the LdrLoadDll function with a function, which checks every loaded dll with GetModuleHandle. (I dont know if this is possible!)
Edit: For those, who wants to know: The MessageBox(...); loads
"C:\WINDOWS\system32\uxtheme.dll"
!
User contributions licensed under CC BY-SA 3.0