
Problem with MemoryDllOpen func on windows 2012 servers


highfeeling

Hi all,

Since 2011, I have published a tool called Overmon (http://www.overmon.fr).

This tool is currently used by more than 700 French companies.

Now, I have some users who complained about regular crashes which occur on new Windows 2012 servers.

After investigating, I discovered the problem is localized in the "core" MemoryDllOpen function:

Func MemoryDllOpen($DllBinary)
    If Not IsDllStruct($_MDCodeBuffer) Then MemoryDllInit()
    Local $Ret = DllCall($_MDKernel32Dll, "hwnd", "LoadLibraryA", "str", "kernel32.dll")
    Local $GetProcAddress = DllCall($_MDKernel32Dll, "uint", "GetProcAddress", "hwnd", $Ret[0], "str", "GetProcAddress")
    Local $LoadLibraryA = DllCall($_MDKernel32Dll, "uint", "GetProcAddress", "hwnd", $Ret[0], "str", "LoadLibraryA")
    Local $DllBuffer = DllStructCreate("byte[" & BinaryLen($DllBinary) & "]")
    DllStructSetData($DllBuffer, 1, $DllBinary)
    MemoryFuncSet(DllStructGetPtr($_MDCodeBuffer) + $_MDLoadOffset)
    FileWriteLine($MainLocalLogFile, @YEAR & "/" & @MON & "/" & @MDAY & " " & @HOUR & "-" & @MIN & "-" & @SEC & " : " & ". DEBUG008")
    Local $Module = DllCall($_MDKernel32Dll, "uint", $_MFHookApi, "uint", $LoadLibraryA[0], "uint", $GetProcAddress[0], "ptr", DllStructGetPtr($DllBuffer))
    FileWriteLine($MainLocalLogFile, @YEAR & "/" & @MON & "/" & @MDAY & " " & @HOUR & "-" & @MIN & "-" & @SEC & " : " & ". DEBUG009")
    $DllBuffer = 0
    Return $Module[0]
EndFunc

Here is the line which crashes:

Local $Module = DllCall($_MDKernel32Dll, "uint", $_MFHookApi, "uint", $LoadLibraryA[0], "uint", $GetProcAddress[0], "ptr", DllStructGetPtr($DllBuffer))

Can you tell me please if you are aware of such problems on Win2012 servers?

Seb

P.S.: Obviously, I use the latest version of AutoIT (v3.3.8.1)

UEZ

The problem is UAC DEP. Add the program to the exception list and it should work.

Br,

UEZ

KaFu

The problem is that you do not use the latest version of that Ward's which addresses the UAC DEP issue mentioned by UEZ.

Edit: Read, think, post :)...

UEZ

The memory UDF still needs some modification to work properly when DEP is enabled.

One workaround is to add the exe to the exception list as already said or disable the DEP policy for the current process:

DllCall("Kernel32.dll", "long", "SetProcessDEPPolicy", "long", False)

Br,

UEZ
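
An added example, not part of the thread or of the memory UDF: before applying the SetProcessDEPPolicy workaround above, this AutoIt snippet reports the system-wide and per-process DEP state, so it is clear whether DEP applies to the process and whether the workaround can take effect at all. The helper name `_DepReport` is hypothetical; the kernel32 functions it calls are the documented Windows APIs.

```autoit
; Added example, not code from the thread: report the DEP state instead of
; disabling DEP blindly. _DepReport() is a hypothetical helper name.
Func _DepReport()
    ; System-wide policy values returned by GetSystemDEPPolicy:
    ; 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut
    ; (Windows Server editions default to OptOut, client editions to OptIn.)
    Local $aNames[4] = ["AlwaysOff", "AlwaysOn", "OptIn", "OptOut"]
    Local $aSys = DllCall("kernel32.dll", "int", "GetSystemDEPPolicy")
    If @error Then Return SetError(1, 0, "GetSystemDEPPolicy call failed")

    Local $sOut = "System DEP policy: "
    If $aSys[0] >= 0 And $aSys[0] <= 3 Then
        $sOut &= $aNames[$aSys[0]]
    Else
        $sOut &= "unknown (" & $aSys[0] & ")"
    EndIf

    ; The per-process DEP APIs are supported for 32-bit processes only;
    ; a 64-bit process always runs with DEP enabled.
    If @AutoItX64 Then Return $sOut & @CRLF & "Process: 64-bit, DEP always enabled"

    Local $aProc = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
    If @error Then Return SetError(2, 0, $sOut)

    ; BOOL GetProcessDEPPolicy(HANDLE hProcess, LPDWORD lpFlags, PBOOL lpPermanent)
    Local $aDep = DllCall("kernel32.dll", "bool", "GetProcessDEPPolicy", _
            "handle", $aProc[0], "dword*", 0, "bool*", 0)
    If @error Or Not $aDep[0] Then
        Return SetError(3, 0, $sOut & @CRLF & "GetProcessDEPPolicy failed")
    EndIf

    ; $aDep[2] = flags (bit 0x1 = PROCESS_DEP_ENABLE), $aDep[3] = permanent
    $sOut &= @CRLF & "Process DEP enabled: " & (BitAND($aDep[2], 1) <> 0)
    $sOut &= @CRLF & "Setting is permanent: " & ($aDep[3] <> 0)
    If $aDep[3] Then $sOut &= @CRLF & "SetProcessDEPPolicy cannot change this process"
    Return $sOut
EndFunc

ConsoleWrite(_DepReport() & @CRLF)
```

Logging this output next to the DEBUG008/DEBUG009 markers on an affected server shows whether the crash coincides with DEP being enforced for the process.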

JFX

There is also trancexx's subrogation which works great.
