Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some hooks cause Java programs to crash or hang #31

Open
psalire opened this issue Nov 4, 2021 · 8 comments
Open

Some hooks cause Java programs to crash or hang #31

psalire opened this issue Nov 4, 2021 · 8 comments

Comments

@psalire
Copy link

psalire commented Nov 4, 2021

Current Behavior

.jars and Java based .exes crash unless I use exclude-apis=RtlDispatchException:NtProtectVirtualMemory

image

Steps to Reproduce

To make sure it wasn't an issue specific with the samples that I'm using, I compiled a simple jar file that just prints "hello world"

  1. Submit the helloworld.jar file to CAPE without any options
  2. Observe that it crashes
  3. Submit the helloworld.jar file with option exclude-apis=RtlDispatchException:NtProtectVirtualMemory
  4. Observe that it successfully runs

Individually, I noticed that:

  • RtlDispatchException causes Java to crash
  • NtProtectVirtualMemory causes Java to hang

Context

Question Answer
Git commit (CAPE) 2391d5ad343f5f307dee4c0b053da64d3c1e9452
OS version Ubuntu 20.04 host, Windows 10 64-bit guest
Java version 11.0.11
@kevoreilly
Copy link
Owner

Thanks for testing/supplying the hooks that cause the issues - this helps a lot. I'll attempt to get to the bottom of this.

@psalire
Copy link
Author

psalire commented Nov 5, 2021

Great, thanks
Minor correction on my part - helloworld.jar run successfully for me with just excluding RtlDispatchException. However, if I convert the jar into an exe with launch4j, both hooks are needed (RtlDispatchException:NtProtectVirtualMemory).

@ethhart
Copy link

ethhart commented Apr 22, 2022
edited
Loading

Any progress on this? Some additional info that may be of use: Running on NT6.3, NtProtectVirtualMemory needs exclusion for jar and 64 bit exe's to work on my CAPE instance. It doesn't have this issue when run on NT6.1.

@kevoreilly
Copy link
Owner

by NT6.3 do you mean Windows 8.1?!

@ethhart
Copy link

ethhart commented Apr 22, 2022

Yes, and Server 2012 R2. Same behavior on Windows 10. Just thought the Win 8.1 and 2012 R2 tests would help trace the issue.

@kevoreilly
Copy link
Owner

Ah ok thanks for the clarification. I will test with Windows 10. Finding the relevant Java installer is proving non-trivial.

@ethhart
Copy link

ethhart commented Apr 26, 2022
edited
Loading

I've been using this installer for my CAPE env. https://download.oracle.com/java/17/archive/jdk-17.0.1_windows-x64_bin.exe
Got the same results for v18 as well. If you run through CAPE's submission, make sure you add a path to this Java installation in the jar package. I've replicated this by just feeding a config.ini and the capemon_x64.dll into the loader_64.exe though.

@kevoreilly
Copy link
Owner

Sorry to let this slide for so long - looking again now I see that I could avoid the need to set up Java in advance by testing against one of your launch4j binaries - any chance you could share one please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kevoreilly @psalire @ethhart