runtime/cgo: get error when using Go function for Windows Vectored Exception Handling hook #52763

Open
timwhitez opened this issue May 7, 2022 · 2 comments
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Windows

What version of Go are you using (go version)?

$ go version
go1.17.3 windows/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
windows
amd64

What did you do?

package main

/*
#include "windows.h"
#include "stdio.h"

void WINAPI my_sleep(DWORD ms) {
    printf("[?] Hooked Sleep Function Called!\n");
    printf("Sleeping for: %lu\n", ms); // DWORD is unsigned long
}

LPVOID SleepA;

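LONG NTAPI FirstVectExcepHandler(PEXCEPTION_POINTERS pExcepInfo)
{
    // Raised on the first access to a PAGE_GUARD page; Windows clears the
    // guard flag on that page when it raises the exception.
    if (pExcepInfo->ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) {
        printf("HOOKED\n");
        // If the faulting instruction is the entry of Sleep, resume in my_sleep instead.
        if (pExcepInfo->ContextRecord->Rip == (uintptr_t)SleepA) {
            printf("SleepA\n");
            pExcepInfo->ContextRecord->Rip = (uintptr_t)(my_sleep);
        }

        // Set the trap flag (bit 8 of EFLAGS) so the next instruction
        // raises STATUS_SINGLE_STEP.
        pExcepInfo->ContextRecord->EFlags |= 0x100;
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    else if (pExcepInfo->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP) {
        // Re-arm the guard page that was cleared by the previous exception.
        DWORD old;
        VirtualProtect(SleepA, 1, PAGE_EXECUTE_READ | PAGE_GUARD, &old);

        return EXCEPTION_CONTINUE_EXECUTION;
    }

    // Any other exception: pass it on to the next handler.
    return EXCEPTION_CONTINUE_SEARCH;
}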

void set(LPVOID a) {
    SleepA = a;
}
void test() {
    AddVectoredExceptionHandler(1, &FirstVectExcepHandler);
}


int Mmain() {
    test();
    DWORD old;
    VirtualProtect(Sleep, 1, PAGE_EXECUTE_READ | PAGE_GUARD, &old);
    set(Sleep);
    Sleep(30000);
    Sleep(30000);
    return 0;
}

*/
import "C"

func main() {
	C.Mmain()
}

What did you expect to see?

HOOKED
SleepA
Exception 0x80000001 0x8 0x7ffef9729f30 0x744a0
PC=0x744a0

runtime: unknown pc 0x744a0
stack: frame={sp:0x29087ffa08, fp:0x0} stack=[0x0,0x29087ffb00)

goroutine 1 [syscall]:
runtime.cgocall(0x74600, 0xc000041f68)
        C:/Program Files/Go/src/runtime/cgocall.go:156 +0x4a fp=0xc000041f40 sp=0xc000041f08 pc=0x12faa
main._Cfunc_Mmain()
        _cgo_gotypes.go:40 +0x56 fp=0xc000041f68 sp=0xc000041f40 pc=0x74436
main.main()
        C:/test/main.go:60 +0x19 fp=0xc000041f80 sp=0xc000041f68 pc=0x74479
runtime.main()
        C:/Program Files/Go/src/runtime/proc.go:255 +0x217 fp=0xc000041fe0 sp=0xc000041f80 pc=0x425f7
runtime.goexit()
        C:/Program Files/Go/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000041fe8 sp=0xc000041fe0 pc=0x67821
rax     0x1
rbx     0x7ffef9729f30
rcx     0x7530
rdi     0xc000042000
rsi     0xeea40
rbp     0xc000041f30
rsp     0x29087ffa08
r8      0x29087ff9b8
r9      0x0
r10     0x0
r11     0x246
r12     0x88aae
r13     0x1
r14     0xc00003a000
r15     0xffffffffffffffff
rip     0x744a0
rflags  0x10306
cs      0x33
fs      0x53
gs      0x2b

What did you see instead?

@timwhitez
Author

Error in Go 1.18:

HOOKED
SleepA
Exception 0x80000001 0x8 0x7ff9fec9ada0 0xe536c0
PC=0xe536c0
signal arrived during external code execution

runtime.cgocall(0xe53820, 0xc00009df68)
        C:/Program Files/Go/src/runtime/cgocall.go:157 +0x4a fp=0xc00009df40 sp=0xc00009df08 pc=0xdf2f8a
main._Cfunc_Mmain()
        _cgo_gotypes.go:43 +0x56 fp=0xc00009df68 sp=0xc00009df40 pc=0xe53656
main.main()
        C:/test/main.go:60 +0x19 fp=0xc00009df80 sp=0xc00009df68 pc=0xe53699
runtime.main()
        C:/Program Files/Go/src/runtime/proc.go:250 +0x1fe fp=0xc00009dfe0 sp=0xc00009df80 pc=0xe2241e
runtime.goexit()
        C:/Program Files/Go/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00009dfe8 sp=0xc00009dfe0 pc=0xe46be1
rax     0x1
rbx     0x7ff9fec9ada0
rcx     0x7530
rdi     0xc00009e000
rsi     0xec8900
rbp     0xc00009df30
rsp     0x8a069ff728
r8      0x8a069ff6d8
r9      0x120
r10     0x0
r11     0x246
r12     0xe67e1d
r13     0x0
r14     0xc000030000
r15     0xffffffffffffffff
rip     0xe536c0
rflags  0x10302
cs      0x33
fs      0x53
gs      0x2b

@dr2chase dr2chase changed the title affected/package: get error when using cgo for veh hook cgo: get error when using Go function for Windows Vectored Exception Handling hook May 8, 2022
@dr2chase
Contributor

dr2chase commented May 8, 2022

@ianlancetaylor @aclements
I can imagine this going wrong in interesting ways, not sure if we can support it.
MS VEH article

@dr2chase dr2chase added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 8, 2022
@seankhliao seankhliao added this to the Unplanned milestone Aug 20, 2022
@seankhliao seankhliao changed the title cgo: get error when using Go function for Windows Vectored Exception Handling hook runtime/cgo: get error when using Go function for Windows Vectored Exception Handling hook Aug 20, 2022
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Aug 20, 2022