DLL Injection

Hijacking another program's function calls in Windows is frighteningly easy. Today I fixed a minor but irritating bug in a closed-source program by injecting a DLL into it and redirecting a few of its function calls. I had to write maybe 100 lines of code.

I feel very pleased with myself... and a little dirty.

5 comments to DLL Injection

  • Detours?

    Nearly everything I do these days is webserver stuff, but the small bit I’ve tried with Detours in the recent past involved a lot of me not finding documentation.

    • EasyHook

      The documentation is OK. It could use more examples, more detailed descriptions, and editing by a native English speaker, but it at least documents the entire API. There are some examples in the documentation, and some more in the source code zip. It took me one morning of experimentation to get the hang of it. Now that I’ve wrapped my brain around it, it’s actually a pretty simple and straightforward API.

      I’m using the C API only, although EasyHook has a .NET API as well. Injecting the .NET Framework into another process Just Seems Wrong to me, though.

      • Are you really injecting the .Net Framework into the code, or injecting a DLL, which waits and listens for a specific call, and then passes off to another DLL which does the Framework interface?

        I haven’t done anything along those lines with the .Net Framework and was only using C++ back when I tried it (and again, it was Detours I was trying for the passthrough stuff), but assumed it was more along those lines.

        Basically what I’m saying is that I have no idea.

        I used to go home and code all night on things that struck me as interesting. But these days I go home and largely just fall asleep. I live an exciting life.

        • Are you really injecting the .Net Framework into the code, or injecting a DLL, which waits and listens for a specific call, and then passes off to another DLL which does the Framework interface?

          Well, yeah, the .Net framework is basically just a bunch of DLLs, but that would still load them into the target process. Unless you mean passing it off to a DLL in another process? It’s possible, but I don’t think it works that way.

          In my case, I’m just injecting a very small C DLL that doesn’t depend on much of anything.

        • … in the mashed potatoes

          If I knew it was going to be that kind of party I would’ve stuck my …
