Qt crash on attach dll

A Former User

Hello! So i've got the following code going inside a dll (c++)

int myLibraryExec() {
	char appName[] = "Project";
	char *an = appName;
	int argc = 0;
	QApplication app(argc, &an);
	app.exec();
	return 0;
}

int mainFunction() {
	if (console.allocateConsole()) {
		std::cout << "Successful Injection!" << std::endl;
	}
	std::cout << "Trying" << std::endl;
	int app = myLibraryExec();
	std::cout << "xd" << std::endl;
	return 0;
}


BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
)
{
	if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
		hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)mainFunction, (LPVOID)hModule, 0, NULL);
		if (hThread == NULL) {
			return 0;
		}
	}
	else if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
	}
	else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
	}
	else if (ul_reason_for_call == DLL_THREAD_DETACH) {
	}
	return TRUE;
}

It compiles fine, but when i try to attach it to a process to make sure it works, it crashes at the QApplication line, it never gets to exec().

Any help would be appreciated.

JonB

@Mehodin
http://doc.qt.io/qt-5/qapplication.html#QApplication

In addition, argc must be greater than zero

? Did you mean int argc = 1; ?

A Former User

@JonB that crashes aswel

JonB

@Mehodin
That was quick to test! Gotta start somewhere... :)

A Former User

thank you, yeah @JonB i had already tried that haha. tried it again after i replied to make sure.

int mainFunction() {
	if (console.allocateConsole()) {
		std::cout << "Successful Attachment!" << std::endl;
	}
	char appName[] = "Project";
	char *an = appName;
	int argc = 1;
	QApplication app(argc, &an);
	app.exec();
	return 0;
}

JonB

@Mehodin
Humor me:

int argc = 1;
char *argv[] = { appname, 0 };
QApplication app(argc, argv);

A Former User

worth a try, but didnt work lol @JonB

SGaist

Hi,

Did you check the stack trace ?

You should check the solution provided in this stackoverflow thread.

hskoglund

Hi, one problem though: you're launching a QApplication inside your DLL's DLLMain using a CreateThread call and that is a risky business at best, usually it crashes :-( See more here about what is supported by Windows inside a DLLMain

A Former User

@hskoglund @SGaist heyhey, so i tried that but i can't seem to figure out where MainWindow comes from, so i turned it into a QMainWindow

But it still crashes...

Doesn't matter whether i call it inside the CreateThread or outside of it...

static struct Data {
	int argc = 1;
	char *argv[2] = { strdup("dummy"), {} };
	QApplication app{ argc, argv };
	QMainWindow win;
} *d;

static void startup() {
	d = new Data;
	d->win.show();
	d->app.processEvents();
}

static void shutdown() {
	delete d;
}

int mainFunction() {
	if (console.allocateConsole()) {
		std::cout << "Successful Attachment!" << std::endl;
	}
	startup();
	return 0;
}


BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
)
{
	if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
		hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)mainFunction, (LPVOID)hModule, 0, NULL);

		if (hThread == NULL) {
			return 0;
		}
	}
	else if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
	}
	else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
	}
	else if (ul_reason_for_call == DLL_THREAD_DETACH) {
	}
	return TRUE;
}

and

static struct Data {
	int argc = 1;
	char *argv[2] = { strdup("dummy"), {} };
	QApplication app{ argc, argv };
	QMainWindow win;
} *d;

static void startup() {
	d = new Data;
	d->win.show();
	d->app.processEvents();
}

static void shutdown() {
	delete d;
}

int mainFunction() {
	if (console.allocateConsole()) {
		std::cout << "Successful Attachment!" << std::endl;
	}
	return 0;
}


BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
)
{
	if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
		hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)mainFunction, (LPVOID)hModule, 0, NULL);
 	        startup();
		if (hThread == NULL) {
			return 0;
		}
	}
	else if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
	}
	else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
	}
	else if (ul_reason_for_call == DLL_THREAD_DETACH) {
	}
	return TRUE;
}

hskoglund

If you skip calling CreateThread(), remove the hThread variable and just call startup() does it still crash?

A Former User

@hskoglund yes, sadly it does.

#include "stdafx.h"
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <string> 

#include "memoryManager.h"
#include "consoleManager.h"
#include "Addresses.h"

#include <QtWidgets/QApplication>
#include <QtWidgets/QPushbutton>
#include <QtWidgets/QMainWindow>

// DEFENITIONS
#define _CRT_SECURE_NO_DEPRECATE

HANDLE hThread;

memoryManager memory = memoryManager();
consoleManager console = consoleManager();
static struct Data {
	int argc = 1;
	char *argv[2] = { strdup("dummy"), {} };
	QApplication app{ argc, argv };//
	QMainWindow win;//
} *d;

static void startup() {
	d = new Data;
	d->win.show();
	d->app.processEvents();
}

static void shutdown() {
	delete d;
}

int mainFunction() {
	if (console.allocateConsole()) {
		std::cout << "Successful Attachment!" << std::endl;
	}
	startup();
	return 0;
} 


BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
)
{
	if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
		startup();
		//hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)mainFunction, (LPVOID)hModule, 0, NULL);
		//if (hThread == NULL) {
		//	return 0;
		//}
	}
	else if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
	}
	else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
		shutdown();
	}
	else if (ul_reason_for_call == DLL_THREAD_DETACH) {
	}
	return TRUE;
}

yes it does...

A Former User

Anyone has an idea?...

SGaist

Again: what about the stack trace ?