|
|
#7
02-16-2005, 04:43
|
|||
|
|||
|
Few things about the HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows NT\CurrentVersion\Windows\AppInit_DLLs method of Injecting a DLL. Windows 98 will ignore this registry key, so you cannot use this technique under windows 98. When you're adding dlls to the key, only the first dll can have a path name. All other paths will be ignored, so you should put your dll in the windows directory. After you change the registry key, you must restart the machine so windows initializes and saves the value to the key. Then when the user32.dll is mapped into a process, it will call the dllmain of your dll with reason DLL_PROCESS_ATTACH so each library can initialize itself. Because your injected dll is loaded early in the process's lifetime, you must excercise caution when calling functions. Of all the methods for injecting dlls, this is the easiest. --------------------------------------------------------- Some other ways that you might want to look into, whether you need it or not, it's still fun to learn: Injection through windows hooks, injection using remote threads, injection as debugger, memory mapped file, or createprocess. Hope this helps people who are trying to learn dll injection with what to look for while searching. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Hiding processes using FROST (64bit) | typedef | x64 OS | 6 | 05-22-2014 23:21 |
| LordPE limited to 60 processes? | tbone | General Discussion | 0 | 07-01-2004 06:35 |
| IDA debugging sub processes | Bram Kate | General Discussion | 2 | 05-03-2004 18:28 |
Threaded Mode