[Injection] Unable to join threads

[Maeco]

Hello guys,

I got some trouble with ejecting my injected library. I use what I believe is the standard way of injection, by the use of CreateRemoteThread.
That part works well, however when I want to eject, my module locks at a synchronization function (either SignalObjectAndWait or WaitForSingleObject).

Here is the injected library entry point code:

Code:

HANDLE Thread	= NULL;
HANDLE Quit	= NULL;

// Entry point
BOOL WINAPI DllMain(HINSTANCE instance, DWORD reason, LPVOID reserved)
{
	switch (reason)
	{
	case DLL_PROCESS_ATTACH:

		// Create a manual reset event, used for exitting the thread
		if ((Quit = CreateEvent(
			NULL,
			TRUE,
			FALSE,
			NULL)) == NULL)
		{
			DisplayError(L"Create event");
			return FALSE;
		}

		// Create a thread that process the client requests
		if ((Thread = CreateThread(
			NULL,									// Default security attributes
			NULL,									// Default stack size
			Process,							// Thread procedure address
			NULL,									// No argument(s) are passed
			NULL,									// Run immediatly after creation
			&ThreadID)) == NULL)
		{
			CloseHandle(Quit);
			DisplayError(L"Create thread");
			return FALSE;
		}

		break;

	case DLL_PROCESS_DETACH:

		// Signal the event and wait for the thread to return
		SignalObjectAndWait(Quit, Thread, INFINITE, FALSE); // <== function does not return

		// Close the thread
		CloseHandle(Thread);

		// Close the event
		CloseHandle(Quit);

		break;
	}
	
	return TRUE;
}

Here is the thread entry point function:

Code:

extern HANDLE Quit;

DWORD CALLBACK Process(LPVOID argument)
{
	HANDLE pipe = NULL;

	while (WaitForSingleObject(Quit, 0) != WAIT_OBJECT_0)
	{

	}

	return TRUE;
}

When I debug step through the Process-thread (after the Quit-event state has set) I see my that the Thread is exiting the while-loop and returns. However, the SignalObjectAndWait function in the DllMain function never returns after my thread has completed. Even if I replace the SignalObjectAndWait function call with the following code:

Code:

SetEvent(Quit);
WaitForSingleObject(Thread, INFINITE);

my program remains waiting till the Process-thread returns.

Can anyone tell what I am doing wrong?

Regards,

Maeco

[Maeco]

Dang, I should have done more research on this on MSDN. It appears that you must not call a synchronisation function during DllMain, because you are creating a deadlock.

When you create a thread during the DLL_PROCESS_ATTACH, the thread won't be executing until after the DllMain function has returned, I guess some synchronization is also done during the DLL_PROCESS_DETACH call.

I am not sure if I should join my thread(s) during DLL_PROCESS_DETACH or just let them return and close their handle (prematurely).