Chromium STACK_BUFFER_STATUS_OVERRUN error

I was experimenting with writing a forward-only wrapper that exposes the functions of the original DLL. I decided to play with Chromium's "chrome.dll". My code seems to work: Chrome opens, but nothing loads and I get STACK_BUFFER_STATUS_OVERRUN and no logs.

The wrapper takes the name of the original DLL, 'chrome.dll', and loads the real original DLL, which was renamed to 'chrome1.dll'. Here is the code of the wrapper:

#include <windows.h>
#include <stdio.h>
#include <stdint.h>

/* Forward-only wrapper: it has no code of its own; every export is
   forwarded to chrome1.dll through the .def file below. */
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
{
    (void)hinst; (void)reason; (void)reserved;  /* unused */
    return TRUE;
}

The .def

LIBRARY "chrome"
EXPORTS
  ChromeMain = chrome1.ChromeMain
  CrashForExceptionInNonABICompliantCodeRange = chrome1.CrashForExceptionInNonABICompliantCodeRange
  GetHandleVerifier = chrome1.GetHandleVerifier
  IsSandboxedProcess = chrome1.IsSandboxedProcess
  RelaunchChromeBrowserWithNewCommandLineIfNeeded = chrome1.RelaunchChromeBrowserWithNewCommandLineIfNeeded
  sqlite3_dbdata_init = chrome1.sqlite3_dbdata_init

The original dumpbin export:

Dump of file chrome1.dll

File Type: DLL

  Section contains the following exports for chrome.dll

    00000000 characteristics
           0 time date stamp
        0.00 version
           1 ordinal base
           6 number of functions
           6 number of names

    ordinal hint RVA      name

          1    0 00702910 ChromeMain
          2    1 069D08A0 CrashForExceptionInNonABICompliantCodeRange
          3    2 0292C470 GetHandleVerifier
          4    3 032B5540 IsSandboxedProcess
          5    4 02882DA0 RelaunchChromeBrowserWithNewCommandLineIfNeeded
          6    5 09899210 sqlite3_dbdata_init

  Summary

      349000 .data
        1000 .fptable
      5F4000 .pdata
     1AA3000 .rdata
      19E000 .reloc
        2000 .rodata
       24000 .rsrc
     CD26000 .text
        1000 .tls
        1000 CPADinfo
        2000 LZMADEC
        1000 _RDATA
        1000 malloc_h
        1000 prot

The GCC mingw64 build command:

x86_64-w64-mingw32-gcc -shared -o chrome.dll final.c chrome.def -luser32 -lkernel32 -m64

I expected Chrome to load my wrapper and work correctly, as WinDbg shows that the wrapper does load, including the original DLL. Working, with the original DLL:

ModLoad: 00007ff6`bc450000 00007ff6`bc765000   chrome.exe
ModLoad: 00007ff8`0ddb0000 00007ff8`0dfa8000   ntdll.dll
ModLoad: 00007ff8`0ce70000 00007ff8`0cf2f000   C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007ff8`0b830000 00007ff8`0bb26000   C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007fff`bdc40000 00007fff`bddfa000   C:\Users\PC\AppData\Local\Chromium\Application\139.0.7258.154\chrome_elf.dll
ModLoad: 00007ff8`03150000 00007ff8`0315a000   C:\Windows\SYSTEM32\VERSION.dll
ModLoad: 00007ff8`0c490000 00007ff8`0c52e000   C:\Windows\System32\msvcrt.dll
(5b88.52d0): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff8`0de80910 cc              int     3
0:000> g
ModLoad: 00007ff8`0b5e0000 00007ff8`0b662000   C:\Windows\System32\bcryptprimitives.dll
ModLoad: 00007ff8`0d1b0000 00007ff8`0d25d000   C:\Windows\System32\shcore.dll
ModLoad: 00007ff8`0c570000 00007ff8`0c8c4000   C:\Windows\System32\combase.dll
ModLoad: 00007ff8`0b490000 00007ff8`0b590000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ff8`0dba0000 00007ff8`0dcc6000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ff8`0d450000 00007ff8`0db94000   C:\Windows\System32\SHELL32.dll
ModLoad: 00007ff8`0b790000 00007ff8`0b82d000   C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ff8`0b490000 00007ff8`0b590000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ff8`0c2f0000 00007ff8`0c48d000   C:\Windows\System32\USER32.dll
ModLoad: 00007ff8`0bb30000 00007ff8`0bb52000   C:\Windows\System32\win32u.dll
ModLoad: 00007ff8`0c130000 00007ff8`0c15c000   C:\Windows\System32\GDI32.dll
ModLoad: 00007ff8`0bcc0000 00007ff8`0bdd5000   C:\Windows\System32\gdi32full.dll
ModLoad: 00007ff8`0c530000 00007ff8`0c560000   C:\Windows\System32\IMM32.DLL
ModLoad: 00007ff8`09200000 00007ff8`09993000   C:\Windows\SYSTEM32\windows.storage.dll
ModLoad: 00007ff8`0c570000 00007ff8`0c8c4000   C:\Windows\System32\combase.dll
ModLoad: 00007ff8`0dba0000 00007ff8`0dcc6000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ff8`0adf0000 00007ff8`0ae1e000   C:\Windows\SYSTEM32\Wldp.dll
ModLoad: 00007ff8`0be10000 00007ff8`0bebf000   C:\Windows\System32\advapi32.dll
ModLoad: 00007ff8`0dcd0000 00007ff8`0dd6c000   C:\Windows\System32\sechost.dll
ModLoad: 00007ff8`0d1b0000 00007ff8`0d25d000   C:\Windows\System32\SHCORE.dll
ModLoad: 00007ff8`0c0d0000 00007ff8`0c125000   C:\Windows\System32\shlwapi.dll
ModLoad: 00007ff8`0a520000 00007ff8`0a553000   C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007fff`6d8c0000 00007fff`7cb93000   C:\Users\PC\AppData\Local\Chromium\Application\139.0.7258.154\chrome.dll
ModLoad: 00007ff8`0d140000 00007ff8`0d1ab000   C:\Windows\System32\WS2_32.dll
ModLoad: 00007ff8`0bb60000 00007ff8`0bcbe000   C:\Windows\System32\CRYPT32.dll
[...]

With the wrapper DLL:

ModLoad: 00007ff6`bc450000 00007ff6`bc765000   chrome.exe
ModLoad: 00007ff8`0ddb0000 00007ff8`0dfa8000   ntdll.dll
ModLoad: 00007ff8`0ce70000 00007ff8`0cf2f000   C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007ff8`0b830000 00007ff8`0bb26000   C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007fff`bdc40000 00007fff`bddfa000   C:\Users\PC\AppData\Local\Chromium\Application\139.0.7258.154\chrome_elf.dll
ModLoad: 00007ff8`03150000 00007ff8`0315a000   C:\Windows\SYSTEM32\VERSION.dll
ModLoad: 00007ff8`0c490000 00007ff8`0c52e000   C:\Windows\System32\msvcrt.dll
(3608.2428): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff8`0de80910 cc              int     3
0:000> g
ModLoad: 00007ff8`0b5e0000 00007ff8`0b662000   C:\Windows\System32\bcryptprimitives.dll
ModLoad: 00007ff8`0d1b0000 00007ff8`0d25d000   C:\Windows\System32\shcore.dll
ModLoad: 00007ff8`0c570000 00007ff8`0c8c4000   C:\Windows\System32\combase.dll
ModLoad: 00007ff8`0b490000 00007ff8`0b590000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ff8`0dba0000 00007ff8`0dcc6000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ff8`0d450000 00007ff8`0db94000   C:\Windows\System32\SHELL32.dll
ModLoad: 00007ff8`0b790000 00007ff8`0b82d000   C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ff8`0b490000 00007ff8`0b590000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ff8`0c2f0000 00007ff8`0c48d000   C:\Windows\System32\USER32.dll
ModLoad: 00007ff8`0bb30000 00007ff8`0bb52000   C:\Windows\System32\win32u.dll
ModLoad: 00007ff8`0c130000 00007ff8`0c15c000   C:\Windows\System32\GDI32.dll
ModLoad: 00007ff8`0bcc0000 00007ff8`0bdd5000   C:\Windows\System32\gdi32full.dll
ModLoad: 00007ff8`0c530000 00007ff8`0c560000   C:\Windows\System32\IMM32.DLL
ModLoad: 00007ff8`09200000 00007ff8`09993000   C:\Windows\SYSTEM32\windows.storage.dll
ModLoad: 00007ff8`0c570000 00007ff8`0c8c4000   C:\Windows\System32\combase.dll
ModLoad: 00007ff8`0dba0000 00007ff8`0dcc6000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ff8`0adf0000 00007ff8`0ae1e000   C:\Windows\SYSTEM32\Wldp.dll
ModLoad: 00007ff8`0be10000 00007ff8`0bebf000   C:\Windows\System32\advapi32.dll
ModLoad: 00007ff8`0dcd0000 00007ff8`0dd6c000   C:\Windows\System32\sechost.dll
ModLoad: 00007ff8`0d1b0000 00007ff8`0d25d000   C:\Windows\System32\SHCORE.dll
ModLoad: 00007ff8`0c0d0000 00007ff8`0c125000   C:\Windows\System32\shlwapi.dll
ModLoad: 00007ff8`0a520000 00007ff8`0a553000   C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007fff`d7260000 00007fff`d7275000   C:\Users\PC\AppData\Local\Chromium\Application\139.0.7258.154\chrome.dll
ModLoad: 00007fff`6d8c0000 00007fff`7cb93000   C:\Users\PC\AppData\Local\Chromium\Application\139.0.7258.154\chrome1.DLL
ModLoad: 00007ff8`0d140000 00007ff8`0d1ab000   C:\Windows\System32\WS2_32.dll
ModLoad: 00007ff8`0bb60000 00007ff8`0bcbe000   C:\Windows\System32\CRYPT32.dll
ModLoad: 00007ff8`09a60000 00007ff8`09c44000   C:\Windows\SYSTEM32\dbghelp.dll
[...]

I also made a C++ version of the wrapper (as the loader was written in C++ after all) and compiled it with mingw64 g++; Chrome doesn't even launch anymore, so I instead decided to focus on my original C version.

I checked the dynamic chrome.dll loading in the Chromium source code and found nothing that could potentially break: https://chromium.googlesource.com/chromium/src/+/master/chrome/app/main_dll_loader_win.cc

I want Chrome to import my wrapper DLL and use the functions within it correctly, in the same way it would with the default chrome.dll, and additionally run my own code in the wrapper. I want to know why I am getting the error, and what I can do to fix it.

EDIT: Running in compatibility mode for Windows 8 does make the pages load... but sometimes it crashes again with STATUS_CHECK_BUFFER_OVERRUN. I thought maybe the problem was my build; however, I reversed the original chrome.dll and confirmed the architecture is 0x8664 (x64)... So what?

  • it is unclear what you want to know ... please edit your post ... add a focused, answerable question to your post Commented Oct 5 at 18:12
  • I thought it was clear enough @jsotola Commented Oct 5 at 19:48
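Added example (not code from the question): the .def above turns every export into a forwarder, and in the PE export table a forwarder is simply an export whose RVA points inside the export directory, at a "dll.func" string, rather than at code like the 0x00702910 ChromeMain entry in the dumpbin output. The script builds a constructed in-memory export table in the same shape as the wrapper and as the original, parses it the way the loader does, and flags a DLL whose every export is forwarded, which is how an analyst checks an install directory for a proxy DLL; the image layout (export data at RVA 0x1000, file offset equal to RVA) is an assumption for the test, not Chrome's real layout.

```python
import struct

# IMAGE_EXPORT_DIRECTORY (40 bytes, little-endian): Characteristics, TimeDateStamp,
# MajorVersion, MinorVersion, Name, Base, NumberOfFunctions, NumberOfNames,
# AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")

def _cstr(image, rva):
    return image[rva:image.index(b"\0", rva)].decode("ascii")

def parse_exports(image, export_rva, export_size):
    """Walk the export table of a flat image (file offsets == RVAs here).
    Returns (name, ordinal, rva, forwarder): the loader treats an RVA that falls
    inside the export directory as a 'dll.func' forwarder string, not as code."""
    (_, _, _, _, _, base, nfuncs, nnames,
     afuncs, anames, aords) = EXPORT_DIR.unpack_from(image, export_rva)
    funcs = struct.unpack_from("<%dI" % nfuncs, image, afuncs)
    names = struct.unpack_from("<%dI" % nnames, image, anames)
    ords = struct.unpack_from("<%dH" % nnames, image, aords)
    entries = []
    for name_rva, idx in zip(names, ords):
        rva = funcs[idx]
        fwd = _cstr(image, rva) if export_rva <= rva < export_rva + export_size else None
        entries.append((_cstr(image, name_rva), base + idx, rva, fwd))
    return entries

def forward_summary(image, export_rva, export_size):
    """Flag a DLL whose every named export is a forwarder (a pure proxy)."""
    entries = parse_exports(image, export_rva, export_size)
    forwarded = sum(1 for e in entries if e[3] is not None)
    return {"total": len(entries), "forwarded": forwarded,
            "forward_only": bool(entries) and forwarded == len(entries)}

def build_image(exports, export_rva=0x1000):
    """Constructed test image (assumed layout): export directory, the three
    tables and a string pool packed contiguously. A str target becomes a
    forwarder string inside the export data; an int target is a code RVA."""
    n = len(exports)
    afuncs = export_rva + EXPORT_DIR.size
    anames, aords = afuncs + 4 * n, afuncs + 8 * n
    pool_rva, pool = aords + 2 * n, bytearray()
    def add_str(s):
        rva = pool_rva + len(pool)
        pool.extend(s.encode("ascii") + b"\0")
        return rva
    name_rvas = [add_str(name) for name, _ in exports]
    func_rvas = [t if isinstance(t, int) else add_str(t) for _, t in exports]
    dll_name = add_str("chrome.dll")
    header = EXPORT_DIR.pack(0, 0, 0, 0, dll_name, 1, n, n, afuncs, anames, aords)
    body = (header + struct.pack("<%dI" % n, *func_rvas) + struct.pack("<%dI" % n, *name_rvas)
            + struct.pack("<%dH" % n, *range(n)) + bytes(pool))
    return bytes(export_rva) + body, export_rva, len(body)

# Constructed inputs mirroring the question: the .def wrapper vs. the dumpbin RVAs.
WRAPPER = [(f, "chrome1." + f) for f in ("ChromeMain", "GetHandleVerifier", "IsSandboxedProcess")]
ORIGINAL = [("ChromeMain", 0x00702910), ("GetHandleVerifier", 0x0292C470), ("IsSandboxedProcess", 0x032B5540)]
```

Against a real file, replace build_image with a PE parser that maps the export data directory to a file offset; the forwarder rule (RVA inside the export directory range) is unchanged.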
