How to inject my dll into all user processes [Win]?

[MaRKuS-DJM]

what i think about this AppInit_DLLs:
this would make us crackers possible to write a DLL which accesses a configuration file (maybe crack.txt) with all neccessary information to inline-patch nearly every packed program (thread instantly checking on loading-time of DLL for neccessary bytes). a configuration file like this one from ASLoad:

Exe:file.exe
Mod:1
Crash:0
Patch:
Offsetriginal byteatched byte

what do you think of this? a universal inline-patcher... you don't need cracks anymore, only the neccessary bytes

[britedream]

Quote:

Originally Posted by MaRKuS-DJM

what i think about this AppInit_DLLs:
this would make us crackers possible to write a DLL which accesses a configuration file (maybe crack.txt) with all neccessary information to inline-patch nearly every packed program (thread instantly checking on loading-time of DLL for neccessary bytes). a configuration file like this one from ASLoad:

Exe:file.exe
Mod:1
Crash:0
Patch:
Offsetriginal byteatched byte

what do you think of this? a universal inline-patcher... you don't need cracks anymore, only the neccessary bytes

The problem I see with that,if I understoond your idea correctly, is you need to know when to patch, many targets use the same address for different flags, while others reset flags , and set them few times.so targets are not the same.

[niom]

what about DllMain/global-var initializiation code?

i mean, if an exe is linked to a dll that contains antidebugging/whatever code in its dllmain (or global ctor-like), this code would be executed through the windows loader *before* own dlls are injected, so this could be a problem.

or i'm wrong?

and how could this be solved?

[MaRKuS-DJM]

Quote:

Originally Posted by britedream

The problem I see with that,if I understoond your idea correctly, is you need to know when to patch, many targets use the same address for different flags, while others reset flags , and set them few times.so targets are not the same.

that's true. maybe it could be done through some waiting-values (for example the Module Handle dword) like it is done in diablos dUP for ASProtected apps.
the other problem your mentioned also exists for every type of loader or crack... i think it could be handled.
i got the idea of such a patcher one year before, but through the idea of patching kernel. i didn't know there's a registry value that can inject such dlls.