About MadShi's InjectLibrarySession

// same as InjectLibrary(CURRENT_SESSION), but you can specify the target session
function InjectLibrarySession (session         : dword;
                               systemProcesses : bool;
                               libFileName     : string;
                               timeOut         : dword = 7000) : boolean;

How do I get another process's session?
I want to inject a DLL into another process (not system wide, just inject into that specific process).
Please give me some sample code... thanks~~

xmichenAuthor Commented:
This is my code, but it doesn't work :(

CreateProcess(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, CREATE_SUSPENDED, nil,
                  si, pi);

InjectLibrarySession(pi.hProcess, False, 'NCoolHOOK.dll');

Forget about InjectLibrarySession. It's for injecting into different *terminal server sessions*. That's not what you want to do. Simply call:

InjectLibrary(pi.hProcess, 'NCoolHOOK.dll');

Or when you've started the process yourself, you can replace the CreateProcess + InjectLibrary call by using CreateProcessEx instead.
xmichenAuthor Commented:
I have changed my code to

  CreateProcessEx(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, CREATE_SUSPENDED, nil,
                  si, pi, 'NCoolHOOK.dll');

but it still doesn't work :(

I use
it works fine...
But I only want to inject my DLL into a specific process

xmichenAuthor Commented:
I have tried InjectLibrary(pi.hProcess, 'NCoolHOOK.dll'); it still doesn't work....
About which OS are we talking?
xmichenAuthor Commented:
My OS is Windows XP
Could you please do the following test?

(1) Create an empty file "c:\madCodeHook.txt".
(2) Download and extract http://madshi.net/SoffChen.zip
(3) Start the executable.
(4) Post what the message box says here.
(5) Post the content of the "c:\madCodeHook.txt" file here.


xmichenAuthor Commented:
The message box said: "success!"


14:42:43-566 $000003a8 TestCreateProcessEx.exe initialization begin
14:42:43-566 $000003a8 TestCreateProcessEx.exe initialization end
14:42:43-566 $000003a8 TestCreateProcessEx.exe CreateProcessEx (lib: empty.dll)
14:42:43-606 $000003a8 TestCreateProcessEx.exe GetCallingModule
14:42:43-616 $000003a8 TestCreateProcessEx.exe GetCallingModule -> $400000
14:42:43-616 $000003a8 TestCreateProcessEx.exe InjectLibraryX (process: ph:$44;pid:notepad.exe; lib: empty.dll; timeOut: 4294967295)
14:42:43-686 $000003a8 TestCreateProcessEx.exe CheckLibFilePath (lib: empty.dll)
14:42:43-686 $000003a8 TestCreateProcessEx.exe CheckLibFilePath (lib -> D:\SoffChen\empty.dll) -> +
14:42:43-706 $000003a8 TestCreateProcessEx.exe DoInject (process: ph:$44;pid:notepad.exe)
14:42:43-716 $000003a8 TestCreateProcessEx.exe InjectLibraryPatch (process: ph:$44;pid:notepad.exe)
14:42:43-716 $000003a8 TestCreateProcessEx.exe NotInitializedYet (1) +
14:42:43-726 $000003a8 TestCreateProcessEx.exe GetExeModuleInfos +
14:42:43-736 $000003a8 TestCreateProcessEx.exe FindLdrLoadStub: $77f55418
14:42:43-736 $000003a8 TestCreateProcessEx.exe InjectMagic +
14:42:43-746 $000003a8 TestCreateProcessEx.exe llh.proc: $5e000000
14:42:43-756 $000003a8 TestCreateProcessEx.exe InjectLibraryPatch (process: ph:$44;pid:notepad.exe) -> 2
14:42:43-766 $000003a8 TestCreateProcessEx.exe DoInject (process: ph:$44;pid:notepad.exe) -> +
14:42:43-776 $000003a8 TestCreateProcessEx.exe InjectLibraryX (process: ph:$44;pid:notepad.exe; lib: empty.dll; timeOut: 4294967295) -> +
14:42:43-786 $000003a8 TestCreateProcessEx.exe CreateProcessEx (lib: empty.dll) -> +
14:43:51-605 $000003a8 TestCreateProcessEx.exe finalization begin
14:43:51-625 $000003a8 TestCreateProcessEx.exe AutoUnhook (module: $ffffffff; wait: -)
14:43:51-625 $000003a8 TestCreateProcessEx.exe AutoUnhook (module: $ffffffff; wait: -) -> +
14:43:51-635 $000003a8 TestCreateProcessEx.exe finalization end
Oh. So could you please check out the source code of the "TestCreateProcessEx" and compare it to your own? Why does my source code work and yours not? There must be a difference somewhere.

xmichenAuthor Commented:
Oh, thank you Madshi
It looks like I need to add the full path before 'NCoolHOOK.dll'
Yes, now everything is OK~
Thank you~ :)
You should not need to put the full path there, if the dll is in the same folder as your application. Is it not?
xmichenAuthor Commented:
Yeah, the DLL is in the same folder as my application,
but I define the path in the CreateProcess call.
So I copied my DLL to that path, and it loaded the DLL successfully!
But I can't use the full path in the CreateProcess call like this:

CreateProcessEx(nil, PChar(OpenDialog.FileName),
                  nil, nil, False, 0, nil,
                  si, pi, ExtractFileDir(Application.exename) + 'NCoolHOOK.dll');
In what path is your application stored? Maybe the path can't be represented properly with an ansi string? Try to copy your application+dll to "c:\test". Does it work then?
xmichenAuthor Commented:
Yeah, that's my problem
My application is stored in a path with ansi string....
What can I do?
Newbie question...shy...
Can you please describe again what the problem is in detail? I'm a bit confused. If I read through your comments I'm not sure what works and what fails and in what kind of path your files are stored... Thanks.
xmichenAuthor Commented:
I am so sorry...

First, I want to inject a DLL into another process,
and now my problem is how to add the DLL file's full path in CreateProcessEx
(with ansi string path)...
I'm sorry, but you're not very clear. What does the full path look like? Please post it here. And please tell me, which files are in which folders.
xmichenAuthor Commented:
Oh, It's my mistake...

My application has two files:
aaa.exe and bbb.dll
The full path is: G:\oldh\vc.net\中文目录名\Naide\bin

and the file I want to hook is in f:\testexe\ccc.exe

中文目录名 is a Chinese name...
I've checked my code again. You might have found a bug. Could you please try the latest version?


Does it work with the new version?
xmichenAuthor Commented:
I have downloaded that version and rebuilt my application.
It still doesn't work....
Strange thing. Can you please download this:


Please copy it into your chinese folder and start it there. It should show the path of the dll including all the chinese characters. Does that work? Does calc appear?
xmichenAuthor Commented:
Yes, that works fine. It shows my full Chinese path... and executes calc...
Are you sure that you downloaded the new version of my collection correctly? Please check the file "madCollection\madCodeHook\Dll\madCHook.dll". What date/time does it have? It should be:

10. December 2003, 19:46:20 (that's 7:46:20 in the evening)
xmichenAuthor Commented:
The datetime is
2003-12-10, 19:46:20
Can you please post your code which does not work?
xmichenAuthor Commented:
 if not CreateProcessEx(nil, PChar(OpenDialog.FileName + ' -chinese'),
                  nil, nil, False, 0, nil,
                  si, pi,
                  ExtractFilePath(Application.ExeName) + 'NCoolHOOK.dll') then
    if messagebox(0, 'error msg!',
                'error', MB_OK + MB_ICONERROR) = IDOK then
      // TerminateProcess(pi.hProcess, 0);
      Application.Terminate;  // terminate the program

Then I put my application (exe and dll) in the path:

Then when I run it, it gives me that error msg....
ExtractFilePath(Application.ExeName) doesn't work in that case. Try this:


Then you'll see why it doesn't work. This is not the guilt of madCodeHook. Just give in the name of the dll *without* the path. That should work with the new version. Or if you want to give in the full path, you can do that, but then you have to use CreateProcessExW and full wide strings.
xmichenAuthor Commented:
Oh yeah... It works fine now...
Thank you Madshi~~~~
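
The question raised in the thread, whether the DLL path "can't be represented properly with an ansi string", can be checked offline. The following is an added example, not code from the thread or from madCodeHook: it tests whether the path quoted above survives conversion to a given ANSI code page and applies the advice given (bare DLL name, or wide strings for a full path). The code pages `cp1252` and `cp936` and all function names are assumptions; the thread does not say which code page xmichen's system used.

```python
# Added illustration; not code from the thread or from madCodeHook.
import ntpath

# Path quoted in the thread, with the DLL name used there appended.
DLL_PATH = "G:\\oldh\\vc.net\\中文目录名\\Naide\\bin\\NCoolHOOK.dll"


def narrow_form(path, codepage):
    """What a narrow-string (ANSI) API would see after conversion.
    Characters missing from the code page become '?'."""
    raw = path.encode(codepage, errors="replace")
    return raw.decode(codepage, errors="replace")


def lossy_components(path, codepage):
    """Path components that do not round-trip through the code page."""
    return [part for part in path.split("\\")
            if narrow_form(part, codepage) != part]


def utf16_roundtrips(path):
    """Wide-string APIs take UTF-16, which holds any such path unchanged."""
    return path.encode("utf-16-le").decode("utf-16-le") == path


def choose_library_argument(path, codepage):
    """Follow the advice in the thread: pass the full path to a
    narrow-string call only if it is safe as ANSI; otherwise pass the
    bare DLL name (a full path would need the wide-string variant)."""
    if lossy_components(path, codepage):
        return ntpath.basename(path)
    return path


if __name__ == "__main__":
    for cp in ("cp1252", "cp936"):  # assumed code pages, for comparison
        print(cp, "->", narrow_form(DLL_PATH, cp))
        print("  lossy:", lossy_components(DLL_PATH, cp))
        print("  pass :", choose_library_argument(DLL_PATH, cp))
    print("UTF-16 round trip:", utf16_roundtrips(DLL_PATH))
```
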