TestDllInterceptor.exe Failed to hook CloseHandle from k ernel32.dll W8.1/W8 64bit
Categories
(Core :: mozglue, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox-esr78 | --- | unaffected |
firefox78 | --- | unaffected |
firefox79 | --- | unaffected |
firefox80 | --- | wontfix |
firefox81 | --- | verified |
People
(Reporter: bmaris, Assigned: toshi)
References
(Regression)
Details
(Keywords: regression)
Attachments
(2 files)
Affected versions
- Firefox 80.0b1
- Firefox 81.0a1
Affected platforms
- Windows 8.1 64bit
- Windows 8 64bit
Steps to reproduce
- Download https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/E1-AFSMqRfKZ526Ir20FQQ/runs/1/artifacts/public/build/target.cppunittest.tests.tar.gz (Fx80.0b1 - Windows 2012 x64 shippable opt Bpgo-B).
- Unzip the content.
- Copy mozglue.dll from target.zip (https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/E1-AFSMqRfKZ526Ir20FQQ/runs/1/artifacts/public/build/target.zip) in the unziped file from above.
- Open CMD in the folder the content was extracted in the previous step.
- Type 'TestDllInterceptor.exe' and hit Enter.
Expected result
- All the tests pass without failure.
Actual result
- TEST-UNEXPECTED-FAIL | WindowsDllInterceptor | Failed to hook CloseHandle from k
ernel32.dll
First 13 bytes of function:
FF 25 FE DF 11 00 90 90 90 90 90 90 FF
Regression range
- This does not reproduce on 79.0b9 so this can be said it's a regression in 80.0b1.
Additional notes
- Microsoft Visual C++ 2015-2019 is installed.
- Here is the full cmd output:
C:\Users\test\Desktop\DLL Shit\80.0b1\cppunittest>TestDllInterceptor.exe
TEST-PASS | WindowsDllInterceptor | Hook added
TEST-PASS | WindowsDllInterceptor | Hook called
TEST-PASS | WindowsDllInterceptor | Hook works properly
TEST-PASS | WindowsDllInterceptor | Hook was called after unregistration
TEST-PASS | WindowsDllInterceptor | Original function worked properly
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtMapViewOfSection
from ntdll.dll
TEST-PASS | WindowsDllInterceptor | MovPushRet
TEST-PASS | WindowsDllInterceptor | MovRaxJump
TEST-PASS | WindowsDllInterceptor | DoubleJump
TEST-PASS | WindowsDllInterceptor | MovPushRet
TEST-PASS | WindowsDllInterceptor | MovRaxJump
TEST-PASS | WindowsDllInterceptor | DoubleJump
TEST-PASS | WindowsDllInterceptor | Could hook NtCreateFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtCreateFile from n
tdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtReadFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtReadFile from ntd
ll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtReadFileScatter from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtReadFileScatter f
rom ntdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtWriteFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtWriteFile from nt
dll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtWriteFileGather from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtWriteFileGather f
rom ntdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtQueryFullAttributesFile from nt
dll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtQueryFullAttribut
esFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Could detour LdrLoadDll from ntdll.dll
TEST-SKIPPED | WindowsDllInterceptor | Will not attempt to execute patched LdrLo
adDll.
TEST-PASS | WindowsDllInterceptor | Could hook LdrUnloadDll from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function LdrUnloadDll from n
tdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook LdrResolveDelayLoadedAPI from ntd
ll.dll
TEST-SKIPPED | WindowsDllInterceptor | Will not attempt to execute patched LdrRe
solveDelayLoadedAPI.
TEST-PASS | WindowsDllInterceptor | Could hook ApiSetQueryApiSetPresence from Ap
i-ms-win-core-apiquery-l1-1-0.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function ApiSetQueryApiSetPr
esence from Api-ms-win-core-apiquery-l1-1-0.dll
TEST-PASS | WindowsDllInterceptor | Could hook QueryDosDeviceW from kernelbase.d
ll
TEST-PASS | WindowsDllInterceptor | Executed hooked function QueryDosDeviceW fro
m kernelbase.dll
TEST-PASS | WindowsDllInterceptor | Could hook GetFileAttributesW from kernel32.
dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function GetFileAttributesW
from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook SetUnhandledExceptionFilter from
kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function SetUnhandledExcepti
onFilter from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook CreateFileA from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function CreateFileA from ke
rnel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook TlsAlloc from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function TlsAlloc from kerne
l32.dll
TEST-PASS | WindowsDllInterceptor | Could hook TlsFree from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function TlsFree from kernel
32.dll
TEST-UNEXPECTED-FAIL | WindowsDllInterceptor | Failed to hook CloseHandle from k
ernel32.dll
First 13 bytes of function:
FF 25 FE DF 11 00 90 90 90 90 90 90 FF
Reporter | ||
Updated•4 years ago
|
Assignee | ||
Comment 1•4 years ago
•
|
||
I think this is caused by bug 1642626. After that change, our detour applies a hook onto KERNELBASE!CloseHandle
, where JAE rel32
is not supported. No problem on Win10 because KERNELBASE!CloseHandle
on Win10 uses JAE rel8
which is supported.
KERNEL32!CloseHandle:
00007ffc`07671270 ff25ca311200 jmp qword ptr [KERNEL32!_imp_CloseHandle (00007ffc`07794440)] --> KERNELBASE!CloseHandle
KERNELBASE!CloseHandle:
00007ffc`04ac14c0 fff3 push rbx
00007ffc`04ac14c2 4883ec20 sub rsp,20h
00007ffc`04ac14c6 488bd9 mov rbx,rcx
00007ffc`04ac14c9 83f9f4 cmp ecx,0FFFFFFF4h
00007ffc`04ac14cc 0f83b93a0000 jae KERNELBASE!CloseHandle+0x35 (00007ffc`04ac4f8b) <<<<
00007ffc`04ac14d2 488bcb mov rcx,rbx
Assignee | ||
Comment 2•4 years ago
|
||
After the fix for bug 1642626, we need to detour KERNELBASE!CloseHandle
instead of K32's stub, which contains JAE rel32
.
I also found a mistake in the fix for bug 1642626. When we put a conditional
jump in a trampoline, we need to reverse a condition, but the JAE case mistakenly
filled JAE straight. This patch corrects it to filling JB.
Pushed by dluca@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5dfbee61f254 Support JAE rel32 in our detour. r=handyman
Updated•4 years ago
|
Comment 5•4 years ago
|
||
bugherder |
Comment 6•4 years ago
|
||
Is there a user impact here which would justify Beta uplift consideration? Please nominate if so.
Assignee | ||
Comment 7•4 years ago
|
||
This patch corrects our detour's behavior to detour CloseHandle
, but we hook CloseHandle
only when MOZ_ENABLE_HANDLE_VERIFIER
is set. I think this can wait.
Reporter | ||
Comment 8•4 years ago
|
||
I ran the TestDllInterceptor.dll test again from todays Nightly and I got the windows pop-up that the program has stopped working.
Here is the complete output from CMD:
C:\Users\test\Desktop\DLL\cppunittest>TestDllInterceptor.exe
TEST-PASS | WindowsDllInterceptor | Hook added
TEST-PASS | WindowsDllInterceptor | Hook called
TEST-PASS | WindowsDllInterceptor | Hook works properly
TEST-PASS | WindowsDllInterceptor | Hook was called after unregistration
TEST-PASS | WindowsDllInterceptor | Original function worked properly
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtMapViewOfSection
from ntdll.dll
TEST-PASS | WindowsDllInterceptor | MovPushRet
TEST-PASS | WindowsDllInterceptor | MovRaxJump
TEST-PASS | WindowsDllInterceptor | DoubleJump
TEST-PASS | WindowsDllInterceptor | NearJump
TEST-PASS | WindowsDllInterceptor | MovPushRet
TEST-PASS | WindowsDllInterceptor | MovRaxJump
TEST-PASS | WindowsDllInterceptor | DoubleJump
TEST-PASS | WindowsDllInterceptor | Could hook NtCreateFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtCreateFile from n
tdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtReadFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtReadFile from ntd
ll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtReadFileScatter from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtReadFileScatter f
rom ntdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtWriteFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtWriteFile from nt
dll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtWriteFileGather from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtWriteFileGather f
rom ntdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook NtQueryFullAttributesFile from nt
dll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function NtQueryFullAttribut
esFile from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Could detour LdrLoadDll from ntdll.dll
TEST-SKIPPED | WindowsDllInterceptor | Will not attempt to execute patched LdrLo
adDll.
TEST-PASS | WindowsDllInterceptor | Could hook LdrUnloadDll from ntdll.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function LdrUnloadDll from n
tdll.dll
TEST-PASS | WindowsDllInterceptor | Could hook LdrResolveDelayLoadedAPI from ntd
ll.dll
TEST-SKIPPED | WindowsDllInterceptor | Will not attempt to execute patched LdrRe
solveDelayLoadedAPI.
TEST-PASS | WindowsDllInterceptor | Could hook ApiSetQueryApiSetPresence from Ap
i-ms-win-core-apiquery-l1-1-0.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function ApiSetQueryApiSetPr
esence from Api-ms-win-core-apiquery-l1-1-0.dll
TEST-PASS | WindowsDllInterceptor | Could hook QueryDosDeviceW from kernelbase.d
ll
TEST-PASS | WindowsDllInterceptor | Executed hooked function QueryDosDeviceW fro
m kernelbase.dll
TEST-PASS | WindowsDllInterceptor | Could hook GetFileAttributesW from kernel32.
dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function GetFileAttributesW
from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook SetUnhandledExceptionFilter from
kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function SetUnhandledExcepti
onFilter from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook CreateFileA from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function CreateFileA from ke
rnel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook TlsAlloc from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function TlsAlloc from kerne
l32.dll
TEST-PASS | WindowsDllInterceptor | Could hook TlsFree from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function TlsFree from kernel
32.dll
TEST-PASS | WindowsDllInterceptor | Could hook CloseHandle from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function CloseHandle from ke
rnel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook DuplicateHandle from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function DuplicateHandle fro
m kernel32.dll
TEST-PASS | WindowsDllInterceptor | Could detour BaseThreadInitThunk from kernel
32.dll
TEST-SKIPPED | WindowsDllInterceptor | Will not attempt to execute patched BaseT
hreadInitThunk.
TEST-SKIPPED | WindowsDllInterceptor | Skipped hook test for RtlInstallFunctionT
ableCallback from kernel32.dll
TEST-PASS | WindowsDllInterceptor | Could hook GetKeyState from user32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function GetKeyState from us
er32.dll
TEST-PASS | WindowsDllInterceptor | Could hook GetWindowInfo from user32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function GetWindowInfo from
user32.dll
TEST-PASS | WindowsDllInterceptor | Could hook TrackPopupMenu from user32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function TrackPopupMenu from
user32.dll
TEST-PASS | WindowsDllInterceptor | Could detour CreateWindowExW from user32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function CreateWindowExW fro
m user32.dll
TEST-PASS | WindowsDllInterceptor | Could hook InSendMessageEx from user32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function InSendMessageEx fro
m user32.dll
TEST-PASS | WindowsDllInterceptor | Could hook SendMessageTimeoutW from user32.d
ll
TEST-PASS | WindowsDllInterceptor | Executed hooked function SendMessageTimeoutW
from user32.dll
TEST-PASS | WindowsDllInterceptor | Could hook SetCursorPos from user32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function SetCursorPos from u
ser32.dll
TEST-PASS | WindowsDllInterceptor | Could hook ImmGetContext from imm32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function ImmGetContext from
imm32.dll
TEST-PASS | WindowsDllInterceptor | Could hook ImmGetCompositionStringW from imm
32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function ImmGetCompositionSt
ringW from imm32.dll
TEST-PASS | WindowsDllInterceptor | Could hook ImmSetCandidateWindow from imm32.
dll
TEST-SKIPPED | WindowsDllInterceptor | Will not attempt to execute patched ImmSe
tCandidateWindow.
TEST-PASS | WindowsDllInterceptor | Could hook ImmNotifyIME from imm32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function ImmNotifyIME from i
mm32.dll
TEST-PASS | WindowsDllInterceptor | Could hook GetSaveFileNameW from comdlg32.dl
l
TEST-PASS | WindowsDllInterceptor | Executed hooked function GetSaveFileNameW fr
om comdlg32.dll
TEST-PASS | WindowsDllInterceptor | Could hook GetOpenFileNameW from comdlg32.dl
l
TEST-PASS | WindowsDllInterceptor | Executed hooked function GetOpenFileNameW fr
om comdlg32.dll
TEST-PASS | WindowsDllInterceptor | Could hook PrintDlgW from comdlg32.dll
TEST-PASS | WindowsDllInterceptor | Executed hooked function PrintDlgW from comd
lg32.dll
TEST-PASS | WindowsDllInterceptor | Could hook ProcessCaretEvents from tiptsf.dl
l
TEST-PASS | WindowsDllInterceptor | Executed hooked function ProcessCaretEvents
from tiptsf.dll
TEST-PASS | WindowsDllInterceptor | Could hook InternetOpenA from wininet.dll
C:\Users\test\Desktop\DLL\cppunittest>
Is this something we should worry about?
Assignee | ||
Comment 9•4 years ago
|
||
(In reply to Bogdan Maris [:bogdan_maris], Release Desktop QA from comment #8)
I ran the TestDllInterceptor.dll test again from todays Nightly and I got the windows pop-up that the program has stopped working.
Here is the complete output from CMD:
C:\Users\test\Desktop\DLL\cppunittest>TestDllInterceptor.exe TEST-PASS | WindowsDllInterceptor | Hook added (...snip...) TEST-PASS | WindowsDllInterceptor | Could hook InternetOpenA from wininet.dll C:\Users\test\Desktop\DLL\cppunittest>
Is this something we should worry about?
Thank you for reporting this. Yes, we should find out the root cause to assess the severity. Given that hooking CloseHandle
passed, this is different from bug 1655680. Can you please file a new bug? I assume you're running TestDllInterceptor.exe on Windows 8. I verified no failure on Win10.
Reporter | ||
Comment 10•4 years ago
|
||
(In reply to Toshihito Kikuchi [:toshi] from comment #9)
(In reply to Bogdan Maris [:bogdan_maris], Release Desktop QA from comment #8)
I ran the TestDllInterceptor.dll test again from todays Nightly and I got the windows pop-up that the program has stopped working.
Here is the complete output from CMD:
C:\Users\test\Desktop\DLL\cppunittest>TestDllInterceptor.exe TEST-PASS | WindowsDllInterceptor | Hook added (...snip...) TEST-PASS | WindowsDllInterceptor | Could hook InternetOpenA from wininet.dll C:\Users\test\Desktop\DLL\cppunittest>
Is this something we should worry about?
Thank you for reporting this. Yes, we should find out the root cause to assess the severity. Given that hooking
CloseHandle
passed, this is different from bug 1655680. Can you please file a new bug? I assume you're running TestDllInterceptor.exe on Windows 8. I verified no failure on Win10.
You are correct I'm using Windows 8 on a VM. I logged bug 1659398 for that issue and will go ahead and close this bug since CloseHandle
was successfully hooked.
Reporter | ||
Updated•4 years ago
|
Description
•