Dewera / Lunar

A lightweight native DLL mapping library that supports mapping directly from memory
MIT License
584 stars 102 forks

x86 inject problem #42

Closed zxcvqwerasdf closed 1 year ago

zxcvqwerasdf commented 1 year ago

Win 10 x64 22H2. The error is here:

  1.

        if (_processContext.Architecture == Architecture.X86)
        {
            try
            {
                functionTableAddress = _processContext.GetNtdllSymbolAddress("LdrpInvertedFunctionTables"); // <---- goes here first
            }
            catch
            {
                functionTableAddress = _processContext.GetNtdllSymbolAddress("LdrpInvertedFunctionTable");
            }
        }

  2. In internal Symbol GetSymbol(string symbolName) in SymbolHandler.cs:

        ....
        ....
        if (!Dbghelp.SymFromName(currentProcessHandle, symbolName, out Unsafe.As<byte, SymbolInfo>(ref symbolInformationBytes[0])))
        {
            throw new Win32Exception(); // <----- error is thrown here
        }

  3. Next is the catch block with:

        functionTableAddress = _processContext.GetNtdllSymbolAddress("LdrpInvertedFunctionTable");

  4. But this time the error is thrown here (SymbolHandler.cs GetSymbol):

        if (symbolTableAddress == 0)
        {
            throw new Win32Exception();
        }

If I comment out

    InsertExceptionHandlers();

in MapLibrary in LibraryMapper.cs, then it works.

zxcvqwerasdf commented 1 year ago

Tried building Lunar in x64/86 - same. With x64 DLLs and x64 processes - no problem.

Dewera commented 1 year ago

Thanks for reporting, I think I've found the issue. When the first call fails, it doesn't clean up the symbol handler resources, which causes the second call to return a null result. If I clean up the resources prior to a second call, it works fine. I'll do some more testing and hopefully have a fix out soon.

Dewera commented 1 year ago

The issue mentioned here should be fixed with the latest commit, let me know if this solves the entire problem.
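The failure mode discussed in this thread (a failed lookup leaving the DbgHelp session open so that the fallback lookup returns nothing) can be avoided by giving each lookup its own session and releasing it in a `finally` block. The following is an added example, not Lunar's code or the commit referenced above; `SymbolLookup`, `GetSymbolOffset`, `GetFirstSymbolOffset` and `PseudoBase` are hypothetical names, and `pdbPath` is assumed to point at a PDB already on disk.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class SymbolLookup
{
    [DllImport("dbghelp.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool SymInitializeW(IntPtr process, string? searchPath, bool invadeProcess);
    [DllImport("dbghelp.dll", SetLastError = true)]
    static extern bool SymCleanup(IntPtr process);
    [DllImport("dbghelp.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern ulong SymLoadModuleExW(IntPtr process, IntPtr file, string imageName,
        string? moduleName, ulong baseOfDll, uint dllSize, IntPtr data, uint flags);
    [DllImport("dbghelp.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool SymFromNameW(IntPtr process, string name, IntPtr symbolInfo);

    const ulong PseudoBase = 0x10000000;                  // arbitrary base for the PDB (assumption)
    const int SymbolInfoSize = 88, AddressOffset = 56;    // sizeof(SYMBOL_INFOW), offset of Address

    // Each attempt opens and releases its own session, so a failed lookup cannot affect the next.
    static ulong GetSymbolOffset(string pdbPath, string symbolName)
    {
        var session = Process.GetCurrentProcess().Handle;
        var buffer = IntPtr.Zero;
        if (!SymInitializeW(session, null, false)) throw new Win32Exception();
        try
        {
            buffer = Marshal.AllocHGlobal(SymbolInfoSize);
            var size = (uint) new System.IO.FileInfo(pdbPath).Length;
            if (SymLoadModuleExW(session, IntPtr.Zero, pdbPath, null, PseudoBase, size, IntPtr.Zero, 0) == 0)
                throw new Win32Exception();
            for (var i = 0; i < SymbolInfoSize; i++) Marshal.WriteByte(buffer, i, 0);
            Marshal.WriteInt32(buffer, 0, SymbolInfoSize);  // SizeOfStruct; MaxNameLen stays 0
            if (!SymFromNameW(session, symbolName, buffer)) throw new Win32Exception();
            return (ulong) Marshal.ReadInt64(buffer, AddressOffset) - PseudoBase;
        }
        finally
        {
            Marshal.FreeHGlobal(buffer);
            SymCleanup(session);                            // runs on the failure path too
        }
    }

    // Tries each candidate name in order, like the try/catch fallback quoted in the issue.
    public static ulong GetFirstSymbolOffset(string pdbPath, params string[] names)
    {
        foreach (var name in names)
            try { return GetSymbolOffset(pdbPath, name); }
            catch (Win32Exception) { /* name not in this build; try the next one */ }
        throw new InvalidOperationException("None of the candidate symbols were found.");
    }
}
```

Calling `SymbolLookup.GetFirstSymbolOffset(pdbPath, "LdrpInvertedFunctionTables", "LdrpInvertedFunctionTable")` reproduces the two-name fallback from the report with cleanup between attempts.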