Making a DLL loader

2 replies to this topic
  • Swoorup

    innovator

  • Members
  • Joined: 28 Oct 2008

#1

Posted 04 May 2012 - 05:54 PM

I need to make a DLL injector/loader for an application. Now I would like to do this before the application actually starts, somewhat before the WinMain or main function.

I had read some articles related to it, and found that a code cave is the best method for doing this. But are there any drawbacks to it? Also, will the appropriate dll have to be loaded before the dll is loaded?

  • INT 03

    Breakpoint

  • Members
  • Joined: 16 Jul 2005

#2

Posted 31 May 2012 - 12:20 PM

If your injector may start the application, the easiest way is probably to specify the CREATE_SUSPENDED flag when calling CreateProcess. It causes the primary thread of the process to be created in a suspended state. You can then inject your DLL. Once you're done with it, resume the primary thread by using the handle returned via the process information structure to start the program.

QUOTE

Also will the appropriate dll have to be loaded before the dll is loaded?

No. When loading PE files via the Windows API (e.g. LoadLibrary, CreateProcess, etc.), Windows resolves all (non-delay) imports listed in the image's import table, or refuses to load the file if it is unable to.
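
The sequence described in this reply (suspended creation, cross-process modification, resume) leaves a recognisable ordering in endpoint telemetry. The sketch below is an added example, not part of the original thread; it correlates that ordering over constructed events whose types and field names are assumptions rather than any real product's schema, and it assumes a `thread_resume` event refers to the primary thread.

```python
# Constructed telemetry. The event types and field names are assumptions,
# not the schema of any real EDR or Sysmon configuration.
SAMPLE_EVENTS = [
    {"t": 1, "type": "process_create", "pid": 4100, "parent": 2200,
     "image": "app.exe", "suspended": True},
    {"t": 2, "type": "remote_alloc_write", "src": 2200, "dst": 4100},
    {"t": 3, "type": "remote_thread", "src": 2200, "dst": 4100},
    {"t": 4, "type": "thread_resume", "src": 2200, "dst": 4100},
    # Launcher that creates suspended and resumes without touching the child.
    {"t": 5, "type": "process_create", "pid": 4200, "parent": 2300,
     "image": "tool.exe", "suspended": True},
    {"t": 6, "type": "thread_resume", "src": 2300, "dst": 4200},
    # PID 4100 reused later by a normally started process.
    {"t": 7, "type": "process_create", "pid": 4100, "parent": 900,
     "image": "other.exe", "suspended": False},
]

CROSS_PROCESS = {"remote_alloc_write", "remote_thread"}


def find_early_injection(events):
    """Flag processes that another process modified between a suspended
    creation and the first resume of the primary thread."""
    pending = {}       # pid -> create event, primary thread not yet resumed
    open_finding = {}  # pid -> finding still being extended
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]
        if kind == "process_create":
            # A new create for a PID ends any earlier window (PID reuse).
            pending.pop(ev["pid"], None)
            open_finding.pop(ev["pid"], None)
            if ev.get("suspended"):
                pending[ev["pid"]] = ev
        elif kind == "thread_resume":
            pending.pop(ev["dst"], None)
            open_finding.pop(ev["dst"], None)
        elif kind in CROSS_PROCESS and ev["dst"] in pending and ev["src"] != ev["dst"]:
            f = open_finding.get(ev["dst"])
            if f is None:
                created = pending[ev["dst"]]
                f = {"pid": created["pid"], "image": created["image"],
                     "actors": [], "actions": []}
                open_finding[ev["dst"]] = f
                findings.append(f)
            if ev["src"] not in f["actors"]:
                f["actors"].append(ev["src"])
            f["actions"].append(kind)
    return findings
```

Suspended creation on its own is common among legitimate launchers, which is why the rule keys on cross-process activity inside the suspended window and not on the creation flag.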

  • Swoorup

    innovator

  • Members
  • Joined: 28 Oct 2008

#3

Posted 06 June 2012 - 01:33 PM

Thank you! I have been doing the exact same process and have got no odds so far. I had preferred shoving ASM code into the application as the best method though.



