DLL Injection is a technique used for running code
within the address space of another process by forcing it to load a "dynamic link library injection".
DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend
A program used to inject arbitrary code into arbitrary processes is called a DLL injector
Using SetWindowHookEx API for DLL injection
Because hooks run in the context of an application, they must match the "bitness" of the application. If a 32-bit application installs a global hook on 64-bit Windows, the 32-bit hook is injected into each 32-bit process (the usual security boundaries apply). In a 64-bit process, the threads are still marked as "hooked." However, because a 32-bit application must run the hook code, the system executes the hook in the hooking app's context; specifically, on the thread that called SetWindowsHookEx. This means that the hooking application must continue to pump messages or it might block the normal functioning of the 64-bit processes.
If a 64-bit application installs a global hook on 64-bit Windows, the 64-bit hook is injected into each 64-bit process, while all 32-bit processes use a callback to the hooking application.
To hook all applications on the desktop of a 64-bit Windows installation, install a 32-bit global hook and a 64-bit global hook, each from appropriate processes, and be sure to keep pumping messages in the hooking application to avoid blocking normal functioning. If you already have a 32-bit global hooking application and it doesn't need to run in each application's context, you may not need to create a 64-bit version.
Here is my code show you how to Inject DLL To Any Process
You can download my projects from here
Create My dll same here
Now create new project with application
Add -> Reference
Any feedback on dll injection. Leave your comment, we ca discuss about it!
View more: https://learn-tech-tips.blogspot.com/2015/10/dll-injection-and-exmaple-2.html
Explore My Other Channel for More Cool and Valuable Insights
๐ Youtube Learn Tech Tips๐ Tiktok
๐ Facebook:DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend
A program used to inject arbitrary code into arbitrary processes is called a DLL injector
Using SetWindowHookEx API for DLL injection
Explore My Other Channel for More Cool and Valuable Insights
๐ Youtube Learn Tech Tips๐ Tiktok
๐ Facebook:Remarks:
SetWindowsHookEx can be used to inject a DLL into another process. A 32-bit DLL cannot be injected into a 64-bit process, and a 64-bit DLL cannot be injected into a 32-bit process. If an application requires the use of hooks in other processes, it is required that a 32-bit application call SetWindowsHookEx to inject a 32-bit DLL into 32-bit processes, and a 64-bit application call SetWindowsHookEx to inject a 64-bit DLL into 64-bit processes. The 32-bit and 64-bit DLLs must have different names.Because hooks run in the context of an application, they must match the "bitness" of the application. If a 32-bit application installs a global hook on 64-bit Windows, the 32-bit hook is injected into each 32-bit process (the usual security boundaries apply). In a 64-bit process, the threads are still marked as "hooked." However, because a 32-bit application must run the hook code, the system executes the hook in the hooking app's context; specifically, on the thread that called SetWindowsHookEx. This means that the hooking application must continue to pump messages or it might block the normal functioning of the 64-bit processes.
If a 64-bit application installs a global hook on 64-bit Windows, the 64-bit hook is injected into each 64-bit process, while all 32-bit processes use a callback to the hooking application.
To hook all applications on the desktop of a 64-bit Windows installation, install a 32-bit global hook and a 64-bit global hook, each from appropriate processes, and be sure to keep pumping messages in the hooking application to avoid blocking normal functioning. If you already have a 32-bit global hooking application and it doesn't need to run in each application's context, you may not need to create a 64-bit version.
Here is my code show you how to Inject DLL To Any Process
You can download my projects from here
Demo here:
Create My dll same here
// dllmain.cpp : Defines the entry point for the DLL application.
/* ****************************************
* Author: Zidane (huuvi168@gmail.com)
* Last modified: 2015-06-08
* ****************************************/
#include "stdafx.h"
#include "dll.h"
#define PARAM_ONE 1000
const UINT WM_HOOK_WRITE = RegisterWindowMessage(L"WM_HOOK_WRITE");
const UINT WM_HOOKEX = RegisterWindowMessage(L"WM_HOOKEX_RK");
#define pCW ((CWPSTRUCT*)lParam)
WNDPROC OldWndProc = NULL;
LRESULT CALLBACK NewWndProc(HWND,UINT,WPARAM,LPARAM);
BOOL bHooked = 0;
HWND ghWnd;
HHOOK hHookKeyBoard;
HINSTANCE hModuleDll;
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
hModuleDll = (HINSTANCE) hModule;
DisableThreadLibraryCalls(hModuleDll);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
// hร m HookPro phแบฃi cรณ CALLBACK, khรดng cรณ CALLBACK sแบฝ bแป lแปi not response
LRESULT CALLBACK HookProc (int nCode, WPARAM wParam, LPARAM lParam)
{
HHOOK hHook = (HHOOK)pCW->wParam;
if(nCode<0)
return CallNextHookEx(hHook, nCode, wParam,lParam);
HWND hVLWnd = pCW->hwnd;
if((pCW->message == WM_HOOKEX) && pCW->lParam)
{
UnhookWindowsHookEx(hHookKeyBoard);
if (bHooked)
return CallNextHookEx(hHook, nCode, wParam,lParam);
TCHAR lib_name[MAX_PATH];
GetModuleFileName(hModuleDll, lib_name, MAX_PATH);
if(!LoadLibrary(lib_name))
return CallNextHookEx(hHook, nCode, wParam,lParam);
OldWndProc = (WNDPROC)SetWindowLong(hVLWnd, GWL_WNDPROC, (LONG)NewWndProc);
if(OldWndProc == NULL) {
FreeLibrary(hModuleDll);
}
else
{
bHooked = TRUE;
}
}
else if(pCW->message == WM_HOOKEX)
{
UnhookWindowsHookEx(hHookKeyBoard);
if (!bHooked)
return CallNextHookEx(hHook, nCode, wParam,lParam);
if(!SetWindowLong(hVLWnd, GWL_WNDPROC, (LONG)OldWndProc))
return CallNextHookEx(hHook, nCode, wParam,lParam);
FreeLibrary(hModuleDll);
bHooked = FALSE;
}
}
LRESULT CALLBACK NewWndProc(HWND hWnd, UINT uMsg,
WPARAM wParam, LPARAM lParam)
{
if (uMsg == WM_HOOK_WRITE)
{
switch (wParam) // Received from Application Demo
{
case PARAM_ONE:
MessageBox(hWnd, L"received message
succeed from dll!",L"learn-tech-tips",0);
break;
}
}
return CallWindowProc(OldWndProc, hWnd, uMsg, wParam, lParam);
}
int InjectDll(HWND hWnd)
{
if (!IsWindow(hWnd))
return 0;
ghWnd = hWnd;
hHookKeyBoard = SetWindowsHookEx(WH_CALLWNDPROC, HookProc, hModuleDll,
GetWindowThreadProcessId(hWnd,NULL));
MessageBox(hWnd, L"InjectDll succeed!",L"learn-tech-tips",0);
if(hHookKeyBoard == NULL)
{
return 0;
}
else
{
SendMessage(hWnd, WM_HOOKEX, WPARAM(hHookKeyBoard), 1);
}
return 1;
}
int UnmapDll(HWND hWnd)
{
if (!IsWindow(hWnd))
return 0;
HHOOK hHook = SetWindowsHookEx(WH_CALLWNDPROC,
(HOOKPROC)HookProc, hModuleDll,
GetWindowThreadProcessId(hWnd,NULL));
if(hHook==NULL)
return 0;
SendMessage(hWnd, WM_HOOKEX, (WPARAM)hHook, 0);
return 1;
}
// dll.h
/* ****************************************
* Author: Zidane (huuvi168@gmail.com)
* Last modified: 2015-06-08
* ****************************************/
#if _MSC_VER > 1000
#pragmaonce
#endif
#if !defined INJECT_EX__H
#define INJECT_EX__H
#ifdef INJECT_EX_EXPORTS
#define HOOKDLL_API extern "C" __declspec(dllexport)
#else
#define HOOKDLL_API extern"C"__declspec(dllimport)
#endif
HOOKDLL_API int InjectDll(HWND hWnd);
HOOKDLL_API int UnmapDll(HWND hWnd);
#endif
Now create new project with application
Add -> Reference
/* ****************************************
* Author: Zidane (huuvi168@gmail.com)
* Last modified: 2015-06-08
* ****************************************/
void CAppDlg::OnBnClickedButtonSendmsg()
{
// TODO: Add your control notification handler code here
CString sWindowName = L"Hex";
m_hVLWin = ::FindWindow(NULL, sWindowName);
if (!m_hVLWin)
return;
if (InjectDll(m_hVLWin))
SetWindowTextW(L"Inject " + sWindowName + L" Succeed!
Ready to call function ...");
}
void CAppDlg::OnBnClickedButtonExec()
{
// TODO: Add your control notification handler code here
::SendMessage(m_hVLWin, WM_HOOK_WRITE, PARAM_ONE, 1 );
}
Any feedback on dll injection. Leave your comment, we ca discuss about it!
View more: https://learn-tech-tips.blogspot.com/2015/10/dll-injection-and-exmaple-2.html
Are you interested in topic DLL injection and DLL injection example from Webzone Tech Tips? If you have any thoughts or questions, please share them in the comment section below. I would love to hear from you and chat about it
Webzone Tech Tips Zidane
