How to inject a dll when a new process starts?
in [Win32 Kernel]
|
Prev: ACE inheritance flag missing
Next: Trying to load an exe from memory not working on Windows 7 64bit
From: shine on 11 Nov 2009 03:35 Hi all, i use createremotethread function to inject a dll to an existed process, now the problem is How to inject a dll when a new process starts? thanks . shine
From: rogero on 11 Nov 2009 05:57 > How to inject a dll when a new process starts? Create the process with CREATE_SUSPENDED and use createRemoteThread as before. Roger.
From: Remy Lebeau on 11 Nov 2009 13:20 "shine" <geochenshine(a)gmail.com> wrote in message news:10133F8A-8481-4BC2-875E-038BC4F389E2(a)microsoft.com... > i use createremotethread function to inject a dll to an > existed process, now the problem is How to inject a dll > when a new process starts? That depends - are you starting the new process yourself? If so, then you can call CreateRemoteThread() after calling CreateProcess(). However, if you are not starting the process yourself, then you have two choices: 1) have your main app install a global hook using SetWindowsHookEx(), where the hook procedure resides in the DLL. Whenever a new process starts, global hooks are attached to it automatically by the OS. Your DLL's startup routine can detect the DLL_ATTACH_PROCESS notification and react accordingly. 2) register your DLL in the registry so the OS injects it automatically for you: http://msdn.microsoft.com/en-us/library/aa450559.aspx -- Remy Lebeau (TeamB)
From: Vincent Fatica on 11 Nov 2009 14:32 On Wed, 11 Nov 2009 10:20:33 -0800, "Remy Lebeau" <no.spam(a)no.spam.com> wrote: |2) register your DLL in the registry so the OS injects it automatically for you: http://msdn.microsoft.com/en-us/library/aa450559.aspx Only Windows CE? -- - Vince
From: Remy Lebeau on 11 Nov 2009 16:20 "Vincent Fatica" <vince(a)blackholespam.net> wrote in message news:4afb1f40$1(a)news.vefatica.net... > Only Windows CE? Sorry, I did not notice that page was for WinCE. There is an equivilent registry key available for other Windows versions as well. It is described here: About Window Classes http://msdn.microsoft.com/en-us/library/ms633574.aspx (Read the "Application Global Classes" sections) Window Classes in Win32 http://msdn.microsoft.com/en-us/library/ms997511.aspx (Read the "Application Global Classes" sections) Safe Subclassing in Win32 http://msdn.microsoft.com/en-us/library/ms997565.aspx (Read the "Win32 Subclassing Rules" section) AppInit_DLLs in Windows 7 and Windows Server 2008 R2 http://msdn.microsoft.com/en-us/library/dd744762(VS.85).aspx -- Remy Lebeau (TeamB)
|
Pages: 1 Prev: ACE inheritance flag missing Next: Trying to load an exe from memory not working on Windows 7 64bit |