Programmatically trapping .DLL/.EXE loading to grant or deny access at a low level

Posted on 2006-05-02
Last Modified: 2010-04-24
I'm an experienced programmer but Windows kernel stuff is beneath me.  Is there a 'right' way to undermine the Windows kernel's .DLL and .EXE (and .OCX, etc) loading logic before the .DLL or .EXE is loaded?  Perhaps to return an error 5 (Access Denied) if my checks are not met.

Obviously this has hacking potential but my intents are angelic I promise.  Administrative installation access is a given and obviously required.

I'm not sure if a device driver, dll replacement to hook calls, or what is the best or 'most correct' way to handle this.

This is a tough question and somebody with key kernel knowledge is needed for advice.
Question by:MaxRCannaday
Accepted Solution

Daniel Van Der Werken earned 1000 total points
ID: 16611491
You can find the answers to your questions in the Microsoft Device Driver Development Kit (DDK)


The answer will depend on a lot of things, but this will get you started in the right direction.  Learn to use WinDBG.  It's pretty nice.
Assisted Solution

DanRollins earned 1000 total points
ID: 16757119
One thought:
A Global Windows Hook gets injected into the codespace of all EXEs and DLLs that ever get loaded.  Your hook code is in a DLL that will get the normal call to DllMain... where you might be able to do something to disable the program that you are trying to control (I believe that it will already be loaded into memory and be ready to run by the time the Hook DLL's DllMain will be called).
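An added example, not from the question or either answer: on Windows 7 / Server 2008 R2 and later, the supported way to do what the question asks (refuse an .EXE, .DLL or .OCX load that fails a policy check) is AppLocker, which the kernel enforces without a custom driver or an injected hook DLL. A denied load fails with ERROR_ACCESS_DISABLED_BY_POLICY (1260) rather than error 5, but the effect is the same. The script assumes an elevated session, the AppLocker PowerShell module, and a constructed folder C:\ApprovedApps containing the binaries to permit; the two paths passed to Test-AppLockerPolicy are likewise constructed.

```powershell
# Added example (not from the thread): allow-list EXE/DLL/OCX loads with AppLocker.
# Assumes an elevated session and a constructed folder C:\ApprovedApps.
Import-Module AppLocker

# The Application Identity service evaluates AppLocker rules; if it is
# stopped nothing is enforced, so make it start automatically.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Collect identity information for the approved binaries. Signed files get
# publisher rules; unsigned ones fall back to hash rules, so a modified copy
# no longer matches and is denied.
$fileInfo = Get-ChildItem -Path 'C:\ApprovedApps' -Recurse -Include *.exe, *.dll, *.ocx |
    Get-AppLockerFileInformation

$policyXml = [xml](New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -RuleNamePrefix Approved -Optimize -Xml)

# Start every rule collection (Exe, Dll, ...) in audit mode. Switch to
# 'Enabled' only after the audit log is clean AND after merging the default
# rules that allow %WINDIR% and %PROGRAMFILES%; otherwise Windows' own
# binaries are denied as well.
foreach ($collection in $policyXml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policyPath = Join-Path $env:TEMP 'approved-apps-policy.xml'
$policyXml.Save($policyPath)

# Merge into the local policy instead of replacing whatever is already there.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Evaluate the decision for files without loading them (paths are constructed).
Test-AppLockerPolicy -XmlPolicy $policyPath `
    -Path 'C:\ApprovedApps\tool.exe', 'C:\Temp\unknown.dll' -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule

# While auditing, event 8003 marks loads that would have been denied; once
# enforcement is enabled, actual denials are logged as event 8004.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 20 |
    Where-Object Id -in 8003, 8004 |
    Format-Table TimeCreated, Id, Message -Wrap
```

Run the audit phase long enough to cover normal use of the machine before flipping EnforcementMode to Enabled; the DLL collection in particular catches every in-process load, so an incomplete allow-list shows up there first.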
