• Status: Solved

DLL Injection - beginner, but nice problem!

Hi Experts

I need to inject my code into another process's address space somehow, because I want to detect when a process wants to create a new window and to quickly grab the handle of that window before it is created!

Now I know there are 2 methods: DLL injecting (creating a DLL and injecting it?) and CreateRemoteThread & WriteProcessMemory (which doesn't require any DLL?)

I don't know too well what all of this is about; at least I know how to use APIs and I'm coding in AutoIt :)

Could someone point me in a good direction - write a summary of the steps I need to do, or at least tell me whether what I want is hard to do? Thank you so much, experts!!
1 Solution
btan (Exec Consultant) Commented:
In general, for DLL injection, the DLL is your remote sensor to listen in and signal when to act on a certain trigger. This is one nice article - http://newgre.net/node/4

Typically it is creating the process in suspended mode, or enumerating running processes and stopping at the targeted process ID or szExeFile. The key part is, as you stated, based on the targeted process (in control): in its address memory space you inject the DLL, as follows:
(1) get the location of LoadLibrary (LoadLibPTR),
(2) allocate sufficient memory space for your DLL (return youDLLaddressPtr),
(3) write your DLL into the memory space allocated,
(4) trigger your DLL loading using CreateRemoteThread with params LoadLibPTR and youDLLaddressPtr


There are other methods like AppInit_DLLs and SetWindowsHookEx. The Microsoft Detours library is another - primarily API hooking.

I am not into AutoIt, but this seems to suggest some working code (by Shaggi)

I suspect the "CreateWindow" function (inside "user32.dll") is the one of interest, and probably going simply for SetWindowsHookEx suffices. Below is an old, old article describing the overall approach and may be useful...
AlexMert (Author) Commented:
Could I pay someone to code this? Thank you
Question has a verified solution.
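
For the defensive side of the four steps in the answer above, this added example (not from the original thread) flags the allocate, write, create-remote-thread sequence in a cross-process API trace and notes whether the new thread starts at a LoadLibrary variant. The event schema, the PIDs, the `find_remote_loads` name and the 5-second window are assumptions made for illustration, and the sample trace is constructed.

```python
from collections import defaultdict

# Steps (2)-(4) of the answer as they appear in a cross-process API trace.
# Step (1), resolving LoadLibrary, is a local lookup and is not visible here.
SEQUENCE = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
WINDOW = 5.0  # seconds allowed after the allocation (assumed tuning value)

def find_remote_loads(events):
    """Return [(src_pid, dst_pid, kind)] for each completed sequence."""
    state = defaultdict(lambda: (0, None))  # (src, dst) -> (next step, start ts)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, dst, api, ts = ev["src"], ev["dst"], ev["api"], ev["ts"]
        if src == dst or api not in SEQUENCE:
            continue  # only calls that reach into another process matter
        step, started = state[(src, dst)]
        if started is not None and ts - started > WINDOW:
            step, started = 0, None  # partial sequence went stale
        if api == SEQUENCE[0]:
            step, started = 1, ts  # a fresh allocation (re)starts the sequence
        elif api == SEQUENCE[step]:
            step += 1  # out-of-order or repeated calls fall through unchanged
        if step == len(SEQUENCE):
            kind = "loadlibrary" if ev.get("start") in LOADERS else "other-start"
            hits.append((src, dst, kind))
            step, started = 0, None
        state[(src, dst)] = (step, started)
    return hits

# Constructed trace in a hypothetical schema; not captured data.
SAMPLE = [
    {"ts": 10.0, "src": 4120, "dst": 7788, "api": "VirtualAllocEx"},
    {"ts": 10.1, "src": 4120, "dst": 7788, "api": "WriteProcessMemory"},
    {"ts": 10.2, "src": 4120, "dst": 7788, "api": "CreateRemoteThread",
     "start": "LoadLibraryW"},
    # Writes alone (debugger-like behaviour) never complete the sequence.
    {"ts": 11.0, "src": 900, "dst": 7788, "api": "WriteProcessMemory"},
    {"ts": 11.5, "src": 900, "dst": 7788, "api": "WriteProcessMemory"},
    # Same three calls spread over a minute fall outside WINDOW.
    {"ts": 20.0, "src": 555, "dst": 666, "api": "VirtualAllocEx"},
    {"ts": 21.0, "src": 555, "dst": 666, "api": "WriteProcessMemory"},
    {"ts": 80.0, "src": 555, "dst": 666, "api": "CreateRemoteThread",
     "start": "LoadLibraryA"},
]

if __name__ == "__main__":
    for src, dst, kind in find_remote_loads(SAMPLE):
        print(f"pid {src} -> pid {dst}: remote thread after alloc+write ({kind})")
```

The `start` field stands in for a resolved thread start symbol, which Sysmon reports as `StartFunction` in Event ID 8 (CreateRemoteThread).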
