Programmatically trapping .DLL/.EXE loading to grant access or deny at low-level

Posted on 2006-05-02
Last Modified: 2010-04-24
I'm an experienced programmer but Windows kernel stuff is beneath me. Is there a 'right' way to undermine the Windows kernel's .DLL and .EXE (and .OCX, etc.) loading logic before the .DLL or .EXE is loaded? Perhaps to return an error 5 (Access Denied) if my checks are not met.

Obviously this has hacking potential but my intents are angelic I promise.  Administrative installation access is a given and obviously required.

I'm not sure if a device driver, dll replacement to hook calls, or what is the best or 'most correct' way to handle this.

This is a tough question and somebody with key kernel knowledge is needed for advice.
Question by: MaxRCannaday

LVL 19

Accepted Solution

You can find the answers to your questions in the Microsoft Device Driver Development Kit (DDK).

The answer will depend on a lot of things, but this will get you started in the right direction. Learn to use WinDBG. It's pretty nice.

LVL 49

Assisted Solution

One thought:
A Global Windows Hook gets injected into the codespace of all EXEs and DLLs that ever get loaded. Your hook code is in a DLL that will get the normal call to DllMain... where you might be able to do something to disable the program that you are trying to control (I believe that it will already be loaded into memory and be ready to run by the time the Hook DLL's DllMain will be called).
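Neither reply shows what the "checks" mentioned in the question might look like once a load has been intercepted, so here is an added example (not code from the thread or from any of its posters). It models only the policy decision a load gate would make, independent of how the interception is done (a driver or a hook DLL is platform-specific and is not shown): the image is permitted when it lives under an assumed trusted directory or when its SHA-256 is on an assumed allowlist, and otherwise the gate answers with the Win32 code 5 (ERROR_ACCESS_DENIED) that the question asks about. The trusted directories, the sample image bytes and the hash allowlist are constructed for the example; it runs anywhere since it uses only pure path handling.

```python
"""Allow/deny decision for an intercepted image load (added example).

Models the policy step only. The kernel-side or hook-side interception that
would call image_load_decision() is platform-specific and not part of this file.
"""
import hashlib
from pathlib import PureWindowsPath

ERROR_SUCCESS = 0
ERROR_ACCESS_DENIED = 5  # the "error 5" the question refers to

# Assumed policy: anything under these directories is trusted as-is;
# everything else must match an explicit SHA-256 allowlist.
TRUSTED_DIRS = [r"C:\Windows\System32", r"C:\Program Files\Trusted"]


def normalize(path):
    """Collapse '.' and '..' segments and lower-case the result.

    NTFS path lookup is case-insensitive, and a '..' in a path that is only
    compared as text would otherwise let a file outside a trusted directory
    pass the prefix check below.  Relative paths are kept relative; they can
    never match an absolute trusted directory and so fall through to the
    hash check.
    """
    p = PureWindowsPath(path)
    segments = p.parts[1:] if p.anchor else p.parts
    collapsed = []
    for part in segments:
        if part == "..":
            if collapsed:
                collapsed.pop()
        elif part != ".":
            collapsed.append(part)
    return str(PureWindowsPath(p.anchor, *collapsed)).lower()


def under_trusted_dir(path):
    """True only if the normalized path is strictly inside a trusted directory.

    The trailing separator prevents 'C:\\Windows\\System32Evil' from matching
    'C:\\Windows\\System32'.
    """
    n = normalize(path)
    return any(n.startswith(normalize(d) + "\\") for d in TRUSTED_DIRS)


def sha256_of(image_bytes):
    return hashlib.sha256(image_bytes).hexdigest()


def image_load_decision(path, image_bytes, allowed_hashes):
    """Return ERROR_SUCCESS to permit the load, ERROR_ACCESS_DENIED otherwise.

    Deny is the default: a load is allowed only by location or by content
    hash, never because the check could not decide.
    """
    if under_trusted_dir(path):
        return ERROR_SUCCESS
    if sha256_of(image_bytes) in allowed_hashes:
        return ERROR_SUCCESS
    return ERROR_ACCESS_DENIED


if __name__ == "__main__":
    # Constructed sample: one allowlisted image, one unknown image, one
    # traversal attempt that only looks like it is under System32.
    tool = b"MZ...constructed sample image..."
    allowlist = {sha256_of(tool)}
    for p, data in [
        (r"C:\Windows\System32\ntdll.dll", b"MZ...system image..."),
        (r"C:\Users\bob\tool.dll", tool),
        (r"C:\Users\bob\unknown.dll", b"MZ...something else..."),
        (r"C:\Windows\System32\..\..\Users\bob\evil.dll", b"MZ...evil..."),
    ]:
        print(p, "->", image_load_decision(p, data, allowlist))
```

Hashing the bytes actually mapped (rather than re-reading the file by name) matters for the same reason as the path normalization: the decision should be made on what will run, not on a name that can be made to point somewhere else between the check and the load.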
