MemoryModulePP icon indicating copy to clipboard operation
MemoryModulePP copied to clipboard
verified publisher icon bb107

Crash!!!

Open warsark opened this issue 2 years ago • 3 comments

test.exe a normal exe with not use mmpp i comment this line:// const NTSTATUS Initializer = Initialize(); a.dll build with mmpp static libirary,export loaddll func void loaddll() { Initialize(); mmload("b.dll"); }

b.dll is a normal dll

test.exe void main() { hmodule hmod=loadlibrary(a.dll) call hmod.loaddll(); call freelibrary(hmod); //now everything is ok!

while(true) { sleep(1000); } }

a few moment ,the test.exe will crash!!!

warsark avatar Mar 27 '23 12:03 warsark

Hi, thanks for your feedback. Since MMPP hooks ntdll!RtlUserThreadStart and ntdll!LdrShutdownThread, once the Initialize function is called, this module (that is, a.dll) cannot be released.

bb107 avatar Mar 27 '23 13:03 bb107

if comment this line://call freelibrary(hmod); the test.exe is ok Add one func do the uninitialize, will be ok the b.dll loaded,the a.dll call unitialize then freelibrary,will be ok

warsark avatar Mar 27 '23 15:03 warsark

If b.dll does not use tls, you only need to comment the statement that initializes MmpTls (Initialize.cpp line 465). Otherwise, when a.dll is released, the program will inevitably crash.

bb107 avatar Mar 28 '23 03:03 bb107