End Google Ads 201810 - BS.net 01 --> Hi, i have the following problem:

I have a process which uses PlaySoundA[^] WINAPI function to play a specific sound (let's be it "c:\test.wav"). So the process has already loaded the needed "winmm.dll"

I want to play the same sound when the DLL is injected into the process, so the code looks like:

#define WINVER 0x600 #define _WIN32_WINDOWS 0x600 #define _WIN32_WINNT 0x600 #include typedef bool __stdcall (*psfunc)(LPCTSTR pszSound, HMODULE hmod, DWORD fdwSound); void play() { psfunc ps; HMODULE winmm = GetModuleHandle("winmm");; ps = (psfunc)GetProcAddress(winmm, "PlaySoundA"); ps("c:\\test.wav", 0, SND_FILENAME | SND_ASYNC); } BOOL __stdcall DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved) { switch (dwReason) { case DLL_PROCESS_ATTACH: OutputDebugString("play before"); play(); OutputDebugString("play after"); break; case DLL_PROCESS_DETACH: break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; } return TRUE; }
The dll is injected correctly via CreateRemoteThread & LoadLibrary.
But the sound is never played and the dll is blocking at the call of
ps("c:\\test.wav", 0, SND_FILENAME | SND_ASYNC);
Trying to exit the process freezes too because of the blocking thread.
Why does it never return? Procss Monitor doesn't show any error.
How can I solve this?