I am trying to inject a DLL into another process with not much success. While doing my research I found out that there is more then one way to do this. The question is : What is the optimal way or When should I use let's say CreateRemoteThread() instead of LoadLibrary()?
Please look at Detours?
Also this - http://www.codeproject.com/Articles/30140/API-Hooking-with-MS-Detours
Related
I have been trying to get a callstack of the current thread to improve an existing tracing library used in our library code. I want to have file and line numbers or at the very least function/method name, just raw adresses will not do.
The problem I have is that StackWalker and other solutions based on dbghelp.h functions are not thread safe, and I randomly get crashes when using StackWalker even if I use a mutex inside my library. I also tried to use boost::stacktrace, but it would not work and boost is very unpopular in my organisation.
My goal is at first to make it work on Windows, then I would work on a linux/posix implementation which will probably be much easier. I'm not very knowledgable about win32 api, does any of you know of any Api to achive this? In the end, I'd like to make everything open source. I'd also like to make this library dead simple and small, so that anybody can use it.
Thanks!
As I am new to c++,I wanted know does the function/procedure/routine present within the .dll(dynamic link library) file execute faster then the normal function/procedure/routine present within the same file? or to make my code run faster whether i should use multithreads ?. kindly provide some bloggers link, if you people know please answer this.Thanks in advance.
Well, I would expect that calling a DLL function will have a little overhead, not the other way around as you suggest. According to this Overhead of DLL this overhead is very little, if any.
As you mention multithresding, I think I understand the source of your confusion. There no connection between DLLs and multithreading! DLL calls are synchronized, just as calling functions from within the executable is. If you want to execute them on a separate thread, you just create a separate thread and call the DLL function from there.
I've been developing for some time. And these beasts appear from time to time in MFC, wxWidgets code, and yet I can't find any info on what they do exactly.
As I understand, they appeared before dynamic_cast was integrated into core C++. And the purpose, is to allow for object creation on the fly, and runtime dynamic casts.
But this is where all the information I found, ends.
I've run into some sample code that uses DECLARE_DYNAMIC_CLASS and IMPLEMENT_DYNAMIC_CLASS within a DLL, and that is used for exported classes. And this structure confuses me.
Why is it done this way? Is that a plugin based approach, where you call LoadLibrary and then call the CreateDynamicClass to get a pointer which can be casted to the needed type?
Does the DECLARE/IMPLEMENT_DYNAMIC work over DLL boundaries? Since even class is not so safe to DLLEXPORT, and here we have a custom RTTI table in addition to existing problems.
Is it possible to derive my class from a DYNAMIC_CLASS from another DLL, how would it work?
Can anyone please explain me what these things are for, or where I can find more than a two sentences on a topic?
This stuff appends addional type information to your class, which allows to RTTI in runtime-independent manner, possibility of having factories to create your classes and many other things. You can find similar approach at COM, QMetaObject, etc
Have you looked at the definitions of DECLARE/IMPLEMENT_DYNAMIC?
In the MS world, all uppercase usually denotes a macro, so you can just look up the definition and try to work out what it's doing from there. If you're in Visual Studio, there's a key you can hit to jump to the definition - see what it says, and look that up and try to work from there.
Is it possible to load a native (C++) DLL as an executable?
preferablly straight from the memory without creating EXE on the hard-drive or something similar?
Microsoft provides Rundll32.exe which can be used to execute DLL functions that have been explicitly coded to support this usage.
What, specifically, would this mean? For example, what entry point would it use in the DLL?
The only way this would actually work would be if the DLL was specifically written to allow it. And if that were the case, then it's not exactly clear why you would not just create an executable file instead of a DLL in the first place.
Case in point is the RunDLL32.exe stub. It's designed to execute a function from a DLL with a specific signature as the entry point. If the DLL wasn't specifically designed to comply with this signature, then things don't go well. If you need functionality like this, you might want to consider matching the function signature required by RunDLL32.exe and using it to "execute" your DLL.
Look up rundll32.exe. But you'd better know exactly what you're doing. I'm not sure, honestly.
You can use LoadLibrary WinAPI call to load a DLL.
Is there a quick way to hook a dll in c++? I know there is Microsoft's Detours thing, but isn't there a quick a simple way just to hook a few dll functions?
For example I want to hook a the function void mytestfunction() in the dll mytestdll.dll to hook_mytestfunction().
thanks in advance!
Probably the easiest way is to put your own wrapper DLL with the same name in the directory of the EXE, and put a copy of the hooked DLL in the same directory with a new name. Then, in the IAT of your wrapper DLL, redirect any non-intercepted call to the wrapped DLL (export forwarding), and implement the others yourself.
To redirect functions, put the following line in your .DEF file: Foo=wrapped_mytestdll.Foo where Foo is the (mangled) function name and wrapped_mytestdll is the new name of the copied DLL.
As a result, the affected EXE loads your wrapper DLL, and in turn the wrapped DLL. Functions in your wrapper DLL take precedence over the wrapped DLL. The only calls not intercepted are calls by the wrapped DLL to itself, as those don't go through your IAT.
(I've since found a link to a tool to generate a basic ".DEF" file, but haven't tested it myself. Use at your own risk.)
Detours is the quick and simple way!
I assume if you're hooking a DLL that you're hooking the exports of that DLL?
In that case you can perform a simple IAT (and potentially EAT if necessary) hook.
The advantage of IAT/EAT hooks over Detours is that the application and removal of the hooks is 100% safe (as you're not replacing code, you're replacing a pointer, so there is no chance of a race condition), and it's easy to do the hooks on native x64 processes too (which Microsoft's Detours library can't do unless you fork out 10 grand for the Prof edition).
Yes, there are 3rd party detour libraries which have x64 support and take care of most of the race conditions and what-not, but some of them are really expensive, and others are just a pain to work with.
IAT/EAT hooks are quick and easy, and there is sample code for performing them available in the book "Windows via C/C++" (along with a multitude of places on the interwebs).
This is a fairly generic answer I know, but it's hard to go into more detail without more information on what you're trying to do exactly.
I've used this some times ago with success :
http://software.intel.com/en-us/articles/intercepting-system-api-calls/
However I google it and could find something new at code project with great grades :
http://www.codeproject.com/KB/winsdk/LibMinHook.aspx
Just call GetProcAddress(hDll, "mytestfunction"), and write jmp hook_mytestfunction there, then place instructions at start of mytestfunction in hook_mytestfunction.
It's really quick and easy, of course if you understand it. If you don't - use MS Detours or another library. Usually you can do it without understanding of how it works.