Talk:DLL injection

Latest comment: 2 months ago by 62.156.206.41 in topic Citation Needed: 32.dll

Untitled

edit

I think thread counting may not be a very reliable thing to do. Input method editors, mouse drivers and other software tend to add threads to processes and they can be perfectly legit. Shinobu (talk) 13:04, 9 August 2008 (UTC)Reply

Rating

edit

I just rated this (C, Mid). What is primarily missing, in my opinion, is a history of the subject and a selection of software, both legit and illegit, that uses the technique. Shinobu (talk) 20:06, 31 August 2008 (UTC)Reply

  • For history, a selection of software, and uses of technique, I can not really much help, but at least I can provide this anecdotal first-hand experience of using DLL injection in Linux for something good: Adding TASing to pSX ― extending the features of a closed-source program.

Interesting, I see you used LD_PRELOAD to add video recording to an emulator. To do something similar on Windows one would probably use CreateRemoteThread, as it is simple to use. Note that it is possible to start a process suspended, if necessary. Shinobu (talk) 17:09, 1 September 2008 (UTC)Reply

edit

Hello fellow Wikipedians,

I have just modified 4 external links on DLL injection. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 19:48, 4 December 2016 (UTC)Reply

Citation Needed: 32.dll

edit

"For example, if a process links to User32.dll, GDI32.dll, Kernel32.dll or any other library whose name ends in 32.dll, it would be possible to load a library named 32.dll" This section handles introducing the string into the dll. If the string Kernel32.dll\0 is present in memory, the pointer can simply be advanced by one character to get the string "ernel32.dll". Advancing the pointer by multiple bytes would result in "32.dll" 62.156.206.41 (talk) 08:49, 3 September 2024 (UTC)Reply