Iexplore hang

Nov 26, 2009 at 6:24 PM

I’m writing a small app to block some URLs on IE. For some reason when I hook to “InternetConnectA” or “InternetConnectW” and I combine it with hook to “InternetCloseHandle” IE freezes and stop to work, in other words when I combine “InternetCloseHandle” I will hav problems, bellow you’ll find some of my lines:

 

TBB.TBBMonInterface  Interface;

        LocalHook ConW,ConA,CloseH; 
       Stack<String> Queue = new Stack<String>();

         public Main(
           RemoteHooking.IContext InContext,


            String InChannelName)
        {
            // connect to host...
            Interface = RemoteHooking.IpcConnectClient<TBB.TBBMonInterface>(InChannelName);
            Interface.Ping();
        }

         public void Run(
            RemoteHooking.IContext InContext,
 
          String InChannelName)
        {
            // install hook...
            try
            {
                IntPtr handle = NativeAPI.LoadLibrary("c:\\windows\\system32\\wininet.dll"); 
                ConA = LocalHook.Create(LocalHook.GetProcAddress("wininet.dll", "InternetConnectA"), new DInternetConnectA(InternetConnectA_Hook), this);
                ConA.ThreadACL.SetExclusiveACL (new Int32[] { 0 });

                ConW = LocalHook.Create(LocalHook.GetProcAddress("wininet.dll", "InternetConnectW"), new DInternetConnectW(InternetConnectW_Hook), this);
 
              ConW.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

 

                CloseH = LocalHook.Create(LocalHook.GetProcAddress("wininet.dll", "InternetCloseHandle"), new DInternetClose(InternetCloseHandle_Hook), this);
                CloseH.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

 

                NativeAPI.CloseHandle (handle);

            }

            catch (Exception ExtInfo)

            {

                Interface.ReportException(ExtInfo);

 

                return;

            }

 

…..

 

This is teh section when I hook, these are the hook definitions.

 

 

[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi, SetLastError = true)]

        private delegate IntPtr DInternetConnectA( IntPtr hInternetSession, string sServerName, UInt32 nServerPort, string sUserName, string sPassword, UInt32 lService, UInt32 lFlags, IntPtr lContext);

 

        [DllImport("WinInet.dll", EntryPoint = "InternetConnectA", CharSet = CharSet.Ansi, SetLastError = true)]
        private static extern IntPtr InternetConnectA( IntPtr hInternetSession, string sServerName, UInt32 nServerPort, string sUserName, string sPassword, UInt32 lService, UInt32 lFlags, IntPtr lContext);

 

        private static IntPtr InternetConnectA_Hook( IntPtr hInternetSession, string sServerName, UInt32 nServerPort, string sUserName, string sPassword, UInt32 lService, UInt32 lFlags, IntPtr lContext)

        {

 

            IntPtr vRes = InternetConnectA( hInternetSession, sServerName, nServerPort, sUserName, sPassword, lService, lFlags, lContext);
             return vRes;

        }

 

 

[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]

        private delegate IntPtr DInternetConnectW(IntPtr hInternetSession, string sServerName, UInt32 nServerPort, string sUserName, string sPassword, UInt32 lService, UInt32 lFlags, IntPtr lContext);

         [DllImport("wininet.dll", EntryPoint = "InternetConnectW", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr InternetConnectW(IntPtr hInternetSession, string sServerName, UInt32 nServerPort, string sUserName, string sPassword, UInt32 lService, UInt32 lFlags, IntPtr lContext);

 

        private static IntPtr InternetConnectW_Hook(IntPtr hInternetSession, string sServerName, UInt32 nServerPort, string sUserName, string sPassword, UInt32 lService, UInt32 lFlags, IntPtr lContext)

        {           

             IntPtr  vRes = InternetConnectW( hInternetSession, sServerName, nServerPort, sUserName, sPassword, lService, lFlags, lContext);         
           return vRes;

        }

  

 

[UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]

        private delegate bool DInternetClose(IntPtr hInternet);

 

        [DllImport("wininet.dll", SetLastError = true)]
        private static extern bool InternetCloseHandle(IntPtr hInet);

 

        private static bool InternetCloseHandle_Hook(IntPtr hInternet)

        {         

 

            return InternetCloseHandle(hInternet);

        }

 

Nov 28, 2009 at 7:44 PM

not be sure, but from what I know, sometimes, MS injects also itself some things in their proper applications.... don't know if your problem comes from the method used to inject your code or a potential injection between you (easyhook) & MS, but if you are in 32 bits, did you try this the user32 AppInit_DLLs in the registry to inject your code or are you using the easyhook injection method (CreateRemoteThread, ...) ) : see this : http://www.codeproject.com/KB/system/hooksys.aspx ?

From my part, I have issues with EasyHook on injection propagation (Hooking CreateProcess to be injected in childs) : http://easyhook.codeplex.com/Thread/View.aspx?ThreadId=42827 :( if you have an idea, your help is welcome in this other thread ;)

 

Anyway, hope that the AppInit_DLLs will help you as IE is also a user32 client & don't know if you are in 64 bits or 32 but keep me inform if you test with AppInit_DLLs if you used it in 32 or 64 bits as it was normally documented for 32 bits platforms (from my side, I cannot use this injection method as I need sometime to be injected in process not potentially client of user32)

Louis

Nov 30, 2009 at 5:14 PM

I'm programming for 32 bits but I need 64 too. This is my Function for injection.

 private static  void CheckProcess(object source, System.Timers.ElapsedEventArgs e)
        {
           Process[] Prc = null;
            int x = 0;
            Prc = Process.GetProcesses();
            Process vProcess = default(Process);
            for (x = 0; x <= Prc.GetUpperBound(0); x++)
            {
                vProcess = Prc[x];
                if (vProcess.ProcessName == "iexplore" && IEProcess.IndexOf(vProcess.Id) == -1)
                {
                    IEProcess.Add(vProcess.Id);
                        try
                        {
                            RemoteHooking.Inject(vProcess.Id, "TBB_Hook.dll", "TBBHook.dll", ChannelName);
                            Console.WriteLine("[ " + vProcess.Id + " ] " + vProcess.ProcessName + " - Injected");
                        }
                        catch (Exception ex)
                        {
                               Console.WriteLine("[ " + vProcess.Id + " ] " + vProcess.ProcessName + " - Error ");

                        }
      
                    else
                    {

                        Console.WriteLine("[ " + vProcess.Id + " ] " + vProcess.ProcessName);

                    }
              }
            }
        }