View Single Post
Old 02-16-2005, 04:43
Posts: n/a
Few things about the HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows NT\CurrentVersion\Windows\AppInit_DLLs
method of Injecting a DLL.

Windows 98 will ignore this registry key, so you cannot use this technique under windows 98.

When you're adding dlls to the key, only the first dll can have a path name. All other paths will be ignored, so you should put your dll in the windows directory.

After you change the registry key, you must restart the machine so windows initializes and saves the value to the key. Then when the user32.dll is mapped into a process, it will call the dllmain of your dll with reason DLL_PROCESS_ATTACH so each library can initialize itself.

Because your injected dll is loaded early in the process's lifetime, you must excercise caution when calling functions.

Of all the methods for injecting dlls, this is the easiest.


Some other ways that you might want to look into, whether you need it or not, it's still fun to learn: Injection through windows hooks, injection using remote threads, injection as debugger, memory mapped file, or createprocess.

Hope this helps people who are trying to learn dll injection with what to look for while searching.
Reply With Quote