flat assembler
Message board for the users of flat assembler.

problem with SetTimer api in dll

john_25 05 Jun 2014, 18:37
I created an injectable DLL and in the "DllEntryPoint" I call the SetTimer API to set a timer, but somehow it doesn't set the timer!

Here is the code, btw:
Code:
proc DllEntryPoint uses ebx esi edi,hinstDLL,fdwReason,lpvReserved

        .if [fdwReason]=DLL_PROCESS_ATTACH
                ; hWnd = NULL, nIDEvent = 0, interval = 100 ms, callback = TimerProc
                invoke SetTimer,NULL,0,100,TimerProc
        .endif
        mov eax,TRUE
        ret

endp

proc TimerProc uses ebx esi edi,hwnd:DWORD,uMsg:DWORD,idEvent:DWORD,dwTime:DWORD

        ; my code ......

        ret

endp


Any ideas why the SetTimer API doesn't set the timer on the "TimerProc" callback function?!
Btw, GetLastError returns 0 and the SetTimer API returns an integer value, so this means there's nothing wrong?!?!?! If nothing's wrong then why doesn't it set the timer?
l_inc 05 Jun 2014, 20:56
john_25
Quote:
If nothing's wrong then why doesn't it set the timer?

Who said it does not? It does. But I assume there's nobody who's willing to process WM_TIMER for you.

_________________
Faith is a superposition of knowledge and fallacy
john_25 05 Jun 2014, 21:08
So you mean I can't set another timer via DLL injection inside another process?
l_inc 05 Jun 2014, 21:17
john_25
I mean, you can, and the timer will post WM_TIMER messages to the thread's message queue. But this other process must be kind enough to take the messages from the message queue of the thread that called LoadLibrary on your dll, and call the default handling procedure for these messages, so that the handling procedure calls your TimerProc. Otherwise the callback just won't be called.

In some cases of dll injection (such as the one with CreateRemoteThread) the thread exits right after calling LoadLibrary. If this is your case, it doesn't make any sense to hope that your callback will ever be called.

typedef 06 Jun 2014, 01:50
SetTimer requires a message loop to be active somewhere within the process.
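
The mechanism described in the two replies above, as an added example that is not part of the thread: a stand-alone FASM program (an EXE, not a DLL) whose own thread sets the timer and then pumps its message queue, so TimerProc actually runs. It assumes the standard FASM `win32ax.inc` headers; `MAX_TICKS`, `ticks`, `timer_id` and the labels are constructed names.

```asm
; Added illustration, not code from the thread.
include 'win32ax.inc'           ; extended headers: invoke, proc, .data/.code/.end

MAX_TICKS = 5                   ; constructed value: stop after five callbacks

.data
  msg      MSG
  ticks    dd 0                 ; number of times TimerProc has run
  timer_id dd 0                 ; ID returned by SetTimer

.code
  start:
        ; hWnd = NULL: WM_TIMER is posted to the queue of the calling thread.
        ; A non-zero return only means the timer exists, not that the
        ; callback will ever be invoked.
        invoke  SetTimer,NULL,0,100,TimerProc
        test    eax,eax
        jz      quit
        mov     [timer_id],eax

  msg_loop:
        ; The thread that called SetTimer must retrieve the message itself.
        invoke  GetMessage,msg,NULL,0,0
        cmp     eax,0
        jle     done            ; 0 = WM_QUIT, -1 = error
        ; DispatchMessage calls TimerProc for a WM_TIMER message that
        ; carries a callback address. Without this call nothing happens.
        invoke  DispatchMessage,msg
        jmp     msg_loop

  done:
        invoke  KillTimer,NULL,[timer_id]
  quit:
        invoke  ExitProcess,[ticks]     ; exit code = callbacks observed

proc TimerProc hwnd,uMsg,idEvent,dwTime
        inc     [ticks]
        cmp     [ticks],MAX_TICKS
        jb      .out
        invoke  PostQuitMessage,0       ; makes GetMessage return 0
  .out:
        ret
endp

.end start
```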
revolution 06 Jun 2014, 03:34
It might be easier to create a thread and use Sleep but there is a risk that the process might use ret instead of ExitProcess and leave you with a zombie process.
l_inc 06 Jun 2014, 11:45
revolution
I would not take such little hackers' products into account. Nearly every legitimate program terminates by calling ExitProcess. ret is a bad practice anyway, just because some API calls may allow themselves to create additional threads (such as GetOpenFileName).

But periodical checking for presence of other threads in a process is also trivial.

revolution 06 Jun 2014, 11:59
l_inc wrote:
But periodical checking for presence of other threads in a process is also trivial.
Adding and testing the code is not a big problem; the main thing here is just to be aware of such possibilities.