Talk:DLL injection
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||
|
Untitled
editI think thread counting may not be a very reliable thing to do. Input method editors, mouse drivers and other software tend to add threads to processes and they can be perfectly legit. Shinobu (talk) 13:04, 9 August 2008 (UTC)
Rating
editI just rated this (C, Mid). What is primarily missing, in my opinion, is a history of the subject and a selection of software, both legit and illegit, that uses the technique. Shinobu (talk) 20:06, 31 August 2008 (UTC)
- For history, a selection of software, and uses of technique, I can not really much help, but at least I can provide this anecdotal first-hand experience of using DLL injection in Linux for something good: Adding TASing to pSX ― extending the features of a closed-source program.
Interesting, I see you used LD_PRELOAD to add video recording to an emulator. To do something similar on Windows one would probably use CreateRemoteThread, as it is simple to use. Note that it is possible to start a process suspended, if necessary. Shinobu (talk) 17:09, 1 September 2008 (UTC)
External links modified
editHello fellow Wikipedians,
I have just modified 4 external links on DLL injection. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20081203175318/http://www.bluenotch.com/files/Shewmaker-DLL-Injection.pdf to http://bluenotch.com/files/Shewmaker-DLL-Injection.pdf
- Added archive https://web.archive.org/web/20080801155929/http://win32assembly.online.fr:80/tut24.html to http://win32assembly.online.fr/tut24.html
- Added
{{dead link}}
tag to http://secure.codeproject.com/KB/threads/taskex.aspx - Added
{{dead link}}
tag to http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/user32/misc/dllmain.c?view=markup - Added archive https://web.archive.org/web/20080902002043/http://www.dreamincode.net:80/code/snippet407.htm to http://www.dreamincode.net/code/snippet407.htm
- Added
{{dead link}}
tag to http://busybin.com/busybin/C++/dll_injector/ - Added archive https://web.archive.org/web/20090206215616/http://unixhelp.ed.ac.uk:80/CGI/man-cgi?ld.so+8 to http://unixhelp.ed.ac.uk/CGI/man-cgi?ld.so+8
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}
).
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 19:48, 4 December 2016 (UTC)
Citation Needed: 32.dll
edit"For example, if a process links to User32.dll, GDI32.dll, Kernel32.dll or any other library whose name ends in 32.dll, it would be possible to load a library named 32.dll" This section handles introducing the string into the dll. If the string Kernel32.dll\0 is present in memory, the pointer can simply be advanced by one character to get the string "ernel32.dll". Advancing the pointer by multiple bytes would result in "32.dll" 62.156.206.41 (talk) 08:49, 3 September 2024 (UTC)