A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
 #21662  by Stylo
 Thu Dec 12, 2013 4:11 pm
I started reading about APC recently and started writing examples.
on the first example i came into, the program crashes when the APC is scheduled
maybe one of you can explain the reason?
the code is
Code: Select all
#define	_WIN32_WINNT	0x0400

#include <Windows.h>
#include <stdio.h>

void SayHello() {
	while( TRUE ) {
		printf("Hello\n");
		SleepEx( 1000, TRUE );
	}
}

void CALLBACK SayGoodbye() {
	printf("Bye\n");
}

int main(int argc, char *argv[]) {
	HANDLE	hThread;

	hThread = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&SayHello, NULL, 0, NULL );
	Sleep( 5000 );
	QueueUserAPC( (PAPCFUNC)SayGoodbye, hThread, 0 );
	Sleep( 1000 );

	return 0;
}
The output is:
Hello
Bye

and then it crashes
any ideas?
Thanks
 #21680  by EP_X0FF
 Sat Dec 14, 2013 7:06 am
APCs allow user programs and system components to execute code in the context of a particular thread and, therefore, within the address space of a particular process.
http://www.drdobbs.com/inside-nts-async ... /184416590

http://msdn.microsoft.com/en-us/library ... s.85).aspx and all msdn information about APC routines.