In a previous post, I was discussing the idea of adding more events to Excel by adding a window hook. Under the hood, the idea is that we can load a DLL in the Excel process simply by transforming that DLL into a COM add-in, which is automatically loaded by Excel. This post covers the situation of programs that don’t implement an add-in mechanism so loading a DLL into their process requires DLL injection.

The topic of DLL injection has been covered in various other articles [1][2], so this post is mainly a summary and a sample of the basic mechanism for DLL injection. We need to create a DLL that attaches a Windows hook when loaded. We then need to load this DLL through DLL injection in the address space of the target program.

So the basic steps are:

- Create a DLL
- In the DllMain function of the DLL, attach a Windows hook which will log some CBT messages
- Start the target process
- Allocate some memory in the address space of the target process
- Write the path to the DLL in the allocated memory
- Call the LoadLibrary function from the kernel32 library in the target process passing the allocated memory as an argument. This will load the library specified by the written path.

Notes:
- Step 4: Uses VirtualAllocEx
- Step 5: Uses WriteProcessMemory
- Step 6: Uses CreateRemoteThread with the address of the LoadLibrary function taken from GetProcAddress

Read more: Windows and .NET Programming
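
Seen from the detection side, steps 4 to 6 leave a recognisable call chain. The following is an added example, not code from the original post: it correlates that chain in an API-call trace. The record layout, PIDs, addresses and DLL path are constructed for illustration and do not follow any real product's schema.

```python
LOADERS = {"LoadLibraryA", "LoadLibraryW"}

# Constructed sample trace (hypothetical record layout; all values invented).
TRACE = [
    {"api": "VirtualAllocEx", "src": 4100, "dst": 5200, "addr": 0x1F0000, "size": 260},
    {"api": "WriteProcessMemory", "src": 4100, "dst": 5200, "addr": 0x1F0000,
     "data": b"C:\\example\\hook.dll\x00"},
    {"api": "CreateRemoteThread", "src": 4100, "dst": 5200,
     "start_fn": "LoadLibraryA", "param": 0x1F0000},
    # Remote write with no thread creation afterwards (debugger-like): no alert.
    {"api": "VirtualAllocEx", "src": 7000, "dst": 7100, "addr": 0x2A0000, "size": 64},
    {"api": "WriteProcessMemory", "src": 7000, "dst": 7100, "addr": 0x2A0000,
     "data": b"\x00\x01\x02\x03"},
    # Remote thread whose argument this caller never wrote: not the full chain.
    {"api": "CreateRemoteThread", "src": 8000, "dst": 8100,
     "start_fn": "LoadLibraryW", "param": 0x330000},
]

def decode_path(data, start_fn):
    """LoadLibraryW reads a UTF-16LE string, LoadLibraryA an ANSI one."""
    if start_fn.endswith("W"):
        return data.decode("utf-16-le", "replace").split("\x00")[0]
    return data.split(b"\x00")[0].decode("latin-1")

def find_loadlibrary_injection(trace):
    """Return one alert per alloc -> write -> remote LoadLibrary chain, in trace order."""
    regions = {}   # (src, dst) -> [(base, size)] allocated by src inside dst
    written = {}   # (src, dst, addr) -> bytes src wrote into one of those regions
    alerts = []
    for ev in trace:
        pair = (ev["src"], ev["dst"])
        if ev["src"] == ev["dst"]:
            continue  # calls on the caller's own process are not cross-process
        if ev["api"] == "VirtualAllocEx":
            regions.setdefault(pair, []).append((ev["addr"], ev["size"]))
        elif ev["api"] == "WriteProcessMemory":
            if any(b <= ev["addr"] < b + s for b, s in regions.get(pair, [])):
                written[pair + (ev["addr"],)] = ev["data"]
        elif ev["api"] == "CreateRemoteThread" and ev["start_fn"] in LOADERS:
            # The thread argument must point at bytes this same caller wrote.
            data = written.get(pair + (ev["param"],))
            if data is not None:
                alerts.append({"src": ev["src"], "dst": ev["dst"],
                               "dll": decode_path(data, ev["start_fn"])})
    return alerts

if __name__ == "__main__":
    for alert in find_loadlibrary_injection(TRACE):
        print(alert)
```

Requiring all three calls from the same source process against the same target, with the thread argument matching the written address, keeps debugger-style remote writes and unrelated remote threads from raising alerts.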