runtime/cgo: get error when using Go function for Windows Vectored Exception Handling hook
What version of Go are you using (go version)?
$ go version go1.17.3 windows/amd64
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
go env Output
$ go env windows amd64
What did you do?
package main
/*
#include "windows.h"
#include "stdio.h"
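// my_sleep is the routine FirstVectExcepHandler points Rip at when a
// guard-page fault is raised at the address stored in SleepA. It only logs
// the call and the requested interval; it neither sleeps nor forwards to the
// real Sleep.
//
// ms is the argument the caller passed, printed as an unsigned value.
void WINAPI my_sleep(DWORD ms) {
    printf("[?] Hooked Sleep Function Called!\n");
    // DWORD is unsigned long on Windows; %d expects int, so the original
    // format/argument pair did not match. Print with %lu and an explicit cast.
    printf("Sleeping for: %lu\n", (unsigned long)ms);
}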
// SleepA is the address FirstVectExcepHandler compares the faulting Rip
// against and re-applies PAGE_GUARD to. It is assigned by set(); as a
// file-scope object it is NULL until then.
LPVOID SleepA;
// FirstVectExcepHandler is the vectored exception handler installed by test().
//
// Guard-page violation: logs "HOOKED"; if the faulting Rip equals SleepA it
// also logs "SleepA" and rewrites Rip to my_sleep. In both cases it sets the
// trap flag (EFlags bit 0x100) so that one instruction later a single-step
// exception is delivered, then resumes execution.
//
// Single-step: re-applies PAGE_EXECUTE_READ | PAGE_GUARD to SleepA. Windows
// clears PAGE_GUARD once the guard fault has been raised, so this is what
// re-arms the page for the next call. The VirtualProtect result is ignored.
//
// Anything else is passed on with EXCEPTION_CONTINUE_SEARCH.
//
// NOTE(review): neither branch is scoped to this hook. Every guard-page or
// single-step exception raised anywhere in the process is claimed here and
// execution is continued, including ones meant for a debugger or another
// component. The handler also uses ContextRecord->Rip, so it is x64-only.
//
// NOTE(review): the output captured on this page shows both messages printed
// and the Go runtime then reporting exception 0x80000001 as fatal, so
// returning EXCEPTION_CONTINUE_EXECUTION here did not keep the runtime from
// acting on the fault - presumably via its own exception hooks; confirm
// against the runtime sources.
LONG NTAPI FirstVectExcepHandler(PEXCEPTION_POINTERS pExcepInfo)
{
    const DWORD code = pExcepInfo->ExceptionRecord->ExceptionCode;

    switch (code) {
    case STATUS_GUARD_PAGE_VIOLATION:
        printf("HOOKED\n");
        if (pExcepInfo->ContextRecord->Rip == (uintptr_t)SleepA) {
            printf("SleepA\n");
            pExcepInfo->ContextRecord->Rip = (uintptr_t)(my_sleep);
        }
        // Trap flag: request a single-step exception after the next instruction.
        pExcepInfo->ContextRecord->EFlags |= 0x100;
        return EXCEPTION_CONTINUE_EXECUTION;

    case STATUS_SINGLE_STEP: {
        DWORD previous;
        VirtualProtect(SleepA, 1, PAGE_EXECUTE_READ | PAGE_GUARD, &previous);
        return EXCEPTION_CONTINUE_EXECUTION;
    }

    default:
        return EXCEPTION_CONTINUE_SEARCH;
    }
}
// set stores a in SleepA, the address FirstVectExcepHandler compares Rip
// against. It does not touch page protections; Mmain applies PAGE_GUARD
// itself before calling this.
void set(LPVOID a) {
SleepA = a;
}
// test registers FirstVectExcepHandler as a vectored exception handler. The
// non-zero first argument asks for it to be called ahead of handlers that are
// already registered.
//
// The handle returned by AddVectoredExceptionHandler is discarded, so a failed
// registration goes unnoticed and the handler cannot be removed later.
void test() {
    // A function name already converts to a function pointer; no & is needed.
    AddVectoredExceptionHandler(1, FirstVectExcepHandler);
}
// Mmain is the C entry point called from Go's main. It installs the exception
// handler, marks the page holding Sleep's first byte as
// PAGE_EXECUTE_READ | PAGE_GUARD, records Sleep's address through set(), and
// then calls Sleep(30000) twice. It always returns 0.
//
// NOTE(review): VirtualProtect changes protection per page, so the guard
// covers everything on the same page as Sleep, for every thread in the
// process, not just these two calls. Its return value is not checked.
//
// NOTE(review): the guard is armed before SleepA is set; the order is kept
// exactly as in the original reproducer.
int Mmain() {
    DWORD previous;

    test();
    VirtualProtect(Sleep, 1, PAGE_EXECUTE_READ | PAGE_GUARD, &previous);
    set(Sleep);

    // Both calls are expected to fault on entry and be redirected to my_sleep.
    Sleep(30000);
    Sleep(30000);
    return 0;
}
*/
import "C"
// main hands control to Mmain in the cgo preamble, which sets up the
// exception handler and guard page and then calls Sleep. Mmain always
// returns 0, so its result is discarded.
func main() {
	_ = C.Mmain()
}
What did you expect to see?
HOOKED
SleepA
Exception 0x80000001 0x8 0x7ffef9729f30 0x744a0
PC=0x744a0
runtime: unknown pc 0x744a0
stack: frame={sp:0x29087ffa08, fp:0x0} stack=[0x0,0x29087ffb00)
0x00000029087ff908: 0x0000000000000000 0x00000000000eee78
0x00000029087ff918: 0x00000000000674f7 <runtime.asmcgocall+0x00000000000000b7> 0x0000000000000000
0x00000029087ff928: 0x0000000000000000 0x0000000000000000
0x00000029087ff938: 0x00007ffefac7c91e 0x0000000000000000
0x00000029087ff948: 0x00000029087ff960 0x000017ef5c79997d
0x00000029087ff958: 0x00007ffefac66800 0x00000029087ff980
0x00000029087ff968: 0x0000000000000000 0x0000000000000000
0x00000029087ff978: 0x00007ffefac7c8c8 0x0000000000000004
0x00000029087ff988: 0x0000000000004000 0x00007ffefadef000
0x00000029087ff998: 0x0000000000000000 0x00007ffefadef3f0
0x00000029087ff9a8: 0x00007ffeface761e 0x00000157917a2800
0x00000029087ff9b8: 0x00007ffef8319216 0x000000c000041f68
0x00000029087ff9c8: 0x0000000000060000 <runtime.(*_type).pkgpath+0x0000000000000060> 0x0000000000140013
0x00000029087ff9d8: 0x000000c0000160a8 0x00000029087ffa3c
0x00000029087ff9e8: 0x000000000006909e <runtime.asmstdcall+0x000000000000005e> 0x000000c000042000
0x00000029087ff9f8: 0x00000000000eea40 0x000000c000041f30
0x00000029087ffa08: <0x00000000000745e5 0x0000000000001000
0x00000029087ffa18: 0x00007ffef9729000 0x00007ffef9729f30
0x00000029087ffa28: 0x00007ffef83172bd 0x0000000000000004
0x00000029087ffa38: 0x00000020919ab7d0 0x000000c000041f68
0x00000029087ffa48: 0x0000000000074617 0x0000000000002000
0x00000029087ffa58: 0x000000000007487a 0x00000157919ab833
0x00000029087ffa68: 0x000000c000041ef8 0x000000c000041f68
0x00000029087ffa78: 0x00000000000eea40 0x000000c000041f68
0x00000029087ffa88: 0x00000000000674b3 <runtime.asmcgocall+0x0000000000000073> 0x0000000000000001
0x00000029087ffa98: 0x000000c000043700 0x3700000000000020
0x00000029087ffaa8: 0x0000000000000000 0x000000c00003a000
0x00000029087ffab8: 0x0000000000000100 0x000000c00003a000
0x00000029087ffac8: 0x000000000006550e <runtime.systemstack+0x000000000000004e> 0x00007ffffffeffff
0x00000029087ffad8: 0x00000000000a1d58 0x00000000000eea40
0x00000029087ffae8: 0x0000015791a713c0 0x0000000000065405 <runtime.mstart+0x0000000000000005>
0x00000029087ffaf8: 0x00000000000653b3 <runtime.rt0_go+0x0000000000000153>
runtime: unknown pc 0x744a0
stack: frame={sp:0x29087ffa08, fp:0x0} stack=[0x0,0x29087ffb00)
0x00000029087ff908: 0x0000000000000000 0x00000000000eee78
0x00000029087ff918: 0x00000000000674f7 <runtime.asmcgocall+0x00000000000000b7> 0x0000000000000000
0x00000029087ff928: 0x0000000000000000 0x0000000000000000
0x00000029087ff938: 0x00007ffefac7c91e 0x0000000000000000
0x00000029087ff948: 0x00000029087ff960 0x000017ef5c79997d
0x00000029087ff958: 0x00007ffefac66800 0x00000029087ff980
0x00000029087ff968: 0x0000000000000000 0x0000000000000000
0x00000029087ff978: 0x00007ffefac7c8c8 0x0000000000000004
0x00000029087ff988: 0x0000000000004000 0x00007ffefadef000
0x00000029087ff998: 0x0000000000000000 0x00007ffefadef3f0
0x00000029087ff9a8: 0x00007ffeface761e 0x00000157917a2800
0x00000029087ff9b8: 0x00007ffef8319216 0x000000c000041f68
0x00000029087ff9c8: 0x0000000000060000 <runtime.(*_type).pkgpath+0x0000000000000060> 0x0000000000140013
0x00000029087ff9d8: 0x000000c0000160a8 0x00000029087ffa3c
0x00000029087ff9e8: 0x000000000006909e <runtime.asmstdcall+0x000000000000005e> 0x000000c000042000
0x00000029087ff9f8: 0x00000000000eea40 0x000000c000041f30
0x00000029087ffa08: <0x00000000000745e5 0x0000000000001000
0x00000029087ffa18: 0x00007ffef9729000 0x00007ffef9729f30
0x00000029087ffa28: 0x00007ffef83172bd 0x0000000000000004
0x00000029087ffa38: 0x00000020919ab7d0 0x000000c000041f68
0x00000029087ffa48: 0x0000000000074617 0x0000000000002000
0x00000029087ffa58: 0x000000000007487a 0x00000157919ab833
0x00000029087ffa68: 0x000000c000041ef8 0x000000c000041f68
0x00000029087ffa78: 0x00000000000eea40 0x000000c000041f68
0x00000029087ffa88: 0x00000000000674b3 <runtime.asmcgocall+0x0000000000000073> 0x0000000000000001
0x00000029087ffa98: 0x000000c000043700 0x3700000000000020
0x00000029087ffaa8: 0x0000000000000000 0x000000c00003a000
0x00000029087ffab8: 0x0000000000000100 0x000000c00003a000
0x00000029087ffac8: 0x000000000006550e <runtime.systemstack+0x000000000000004e> 0x00007ffffffeffff
0x00000029087ffad8: 0x00000000000a1d58 0x00000000000eea40
0x00000029087ffae8: 0x0000015791a713c0 0x0000000000065405 <runtime.mstart+0x0000000000000005>
0x00000029087ffaf8: 0x00000000000653b3 <runtime.rt0_go+0x0000000000000153>
goroutine 1 [syscall]:
runtime.cgocall(0x74600, 0xc000041f68)
C:/Program Files/Go/src/runtime/cgocall.go:156 +0x4a fp=0xc000041f40 sp=0xc000041f08 pc=0x12faa
main._Cfunc_Mmain()
_cgo_gotypes.go:40 +0x56 fp=0xc000041f68 sp=0xc000041f40 pc=0x74436
main.main()
C:/test/main.go:60 +0x19 fp=0xc000041f80 sp=0xc000041f68 pc=0x74479
runtime.main()
C:/Program Files/Go/src/runtime/proc.go:255 +0x217 fp=0xc000041fe0 sp=0xc000041f80 pc=0x425f7
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000041fe8 sp=0xc000041fe0 pc=0x67821
rax 0x1
rbx 0x7ffef9729f30
rcx 0x7530
rdi 0xc000042000
rsi 0xeea40
rbp 0xc000041f30
rsp 0x29087ffa08
r8 0x29087ff9b8
r9 0x0
r10 0x0
r11 0x246
r12 0x88aae
r13 0x1
r14 0xc00003a000
r15 0xffffffffffffffff
rip 0x744a0
rflags 0x10306
cs 0x33
fs 0x53
gs 0x2b
What did you see instead?
Error output with Go 1.18:
HOOKED
SleepA
Exception 0x80000001 0x8 0x7ff9fec9ada0 0xe536c0
PC=0xe536c0
signal arrived during external code execution
runtime.cgocall(0xe53820, 0xc00009df68)
C:/Program Files/Go/src/runtime/cgocall.go:157 +0x4a fp=0xc00009df40 sp=0xc00009df08 pc=0xdf2f8a
main._Cfunc_Mmain()
_cgo_gotypes.go:43 +0x56 fp=0xc00009df68 sp=0xc00009df40 pc=0xe53656
main.main()
C:/test/main.go:60 +0x19 fp=0xc00009df80 sp=0xc00009df68 pc=0xe53699
runtime.main()
C:/Program Files/Go/src/runtime/proc.go:250 +0x1fe fp=0xc00009dfe0 sp=0xc00009df80 pc=0xe2241e
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00009dfe8 sp=0xc00009dfe0 pc=0xe46be1
rax 0x1
rbx 0x7ff9fec9ada0
rcx 0x7530
rdi 0xc00009e000
rsi 0xec8900
rbp 0xc00009df30
rsp 0x8a069ff728
r8 0x8a069ff6d8
r9 0x120
r10 0x0
r11 0x246
r12 0xe67e1d
r13 0x0
r14 0xc000030000
r15 0xffffffffffffffff
rip 0xe536c0
rflags 0x10302
cs 0x33
fs 0x53
gs 0x2b
@ianlancetaylor @aclements I can imagine this going wrong in interesting ways, not sure if we can support it. MS VEH article