DLL Injection - What is possible with it?

Emerion · Sep 29, 2010 · Viewed 7.1k times

I was browsing the internet lately, when I stumbled upon Dll Injection.

I think it's an interesting subject, but I have no clue what the purpose of it is.

I have read that it can be used for cracking/hacking games and software, but is it also possible to do something positive with it?

If so, what can it be used for?

And what languages support this?

For the record, I am not going to try and crack/hack any game with the knowledge gained, no intention to do something illegal!

Thanks for the time,

Emerion

ps: Websites/books that are on this subject would be appreciated!

Answer

Jim Brissom · Sep 29, 2010

There are several uses that come to my mind:

  • Hot patching: Allows you to update/patch parts of your code without actually shutting down the process or restarting. Microsoft itself made sure large parts of Windows are hot-patchable by prefixing functions with a 5-byte NOP block. Why? Because you can JMP to any other part of your code in 5 bytes, so hot-patching basically overwrites the prefix bytes with a JMP to the updated/patched code and voila, your code does something entirely new. This is often used together with DLL injection to load the new code into the target process, and while not mandatory, it's one of its uses.

  • Logging: In the same spirit, detouring code is often used to prefix a function for logging purposes, i.e. to see with what parameters it is called. Also, some applications that record screen output from DirectX applications do this by detouring the DirectX calls, which again involves injecting a DLL into the process that monitors calls.

  • Subclassing: Not in the OOP sense, but in the Windows sense, i.e. providing a new WndProc for an existing window to alter its behavior. While you can simply set a different message handling routine via SetWindowLongPtr, the limiting factor to this is that the function needs to reside in the target process address space. This is where injection comes in once again: you provide a new implementation in a DLL, inject this into the target process and call SetWindowLongPtr. This can be used to provide custom, additional drawing on a foreign window, for example.

I have personally had to deal with all of the above use cases in the past, in regular business applications, from using hot patching to ensure uptime on a critical notification system in medical services to using detours/logging to allow a proprietary record management (by a then already dead software shop) to talk to a full-blown CRM solution in real-time.

As always, it's just a tool in your box, and there is nothing inherently "evil" about it. It's for whatever purpose you make use of it that counts.
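As an added example (not from the question or the answer above), a small Python helper that works through the 5-byte JMP arithmetic the answer describes, from the analysis side: it encodes an E9 rel32 jump and classifies a function entry (the 5-byte NOP pad plus the `mov edi, edi` prologue) as clean, detoured within its own module, or detoured to a target outside the module. The addresses, module range and byte sequences are constructed for the demo.

```python
"""Inspect hot-patchable function entries for JMP-based detours (analysis helper)."""
import struct

JMP_REL32 = 0xE9           # 5-byte near jump: E9 <rel32>
JMP_REL8 = 0xEB            # 2-byte short jump: EB <rel8>
MOV_EDI_EDI = b"\x8b\xff"  # 2-byte NOP Microsoft places at a hot-patchable entry
PAD = b"\x90" * 5          # 5-byte NOP block that precedes the entry


def encode_jmp_rel32(src, dst):
    """Return the 5-byte E9 jump placed at address src that lands on dst."""
    rel = dst - (src + 5)  # rel32 is relative to the instruction after the jump
    if not -2**31 <= rel < 2**31:
        raise ValueError("target not reachable with a rel32 jump")
    return bytes([JMP_REL32]) + struct.pack("<i", rel)


def jmp_target(addr, code):
    """Decode a jump that starts at addr, or return None if there is none."""
    if len(code) >= 5 and code[0] == JMP_REL32:
        return addr + 5 + struct.unpack("<i", code[1:5])[0]
    if len(code) >= 2 and code[0] == JMP_REL8:
        return addr + 2 + struct.unpack("<b", code[1:2])[0]
    return None


def inspect_entry(entry, window, module):
    """Classify one function entry.
    window: bytes starting at entry-5 (the NOP pad followed by the prologue).
    module: (start, end) address range of the module that owns the function."""
    pad, body = window[:5], window[5:]
    target = jmp_target(entry, body)
    if target is None:
        if body[:2] == MOV_EDI_EDI and pad == PAD:
            return ("clean", None)
        return ("unknown prologue", None)
    if target == entry - 5:  # Microsoft-style hot patch: short jump back into the pad
        target = jmp_target(entry - 5, pad)  # then a long jump from there
    if target is None:
        return ("unknown prologue", None)
    start, end = module
    where = "inside module" if start <= target < end else "OUTSIDE module"
    return (f"detoured, target {where}", target)


# Constructed sample: a function at ENTRY in a module spanning MODULE, once clean,
# once hot-patched to HOOK (outside the module), once inline-hooked within the module.
MODULE = (0x7FF00000000, 0x7FF00100000)
ENTRY = 0x7FF00001000
HOOK = 0x7FF50000000


def demo():
    clean = PAD + MOV_EDI_EDI + b"\x48\x83\xec\x28"
    hotpatched = encode_jmp_rel32(ENTRY - 5, HOOK) + b"\xeb\xf9" + clean[7:]
    inline = PAD + encode_jmp_rel32(ENTRY, MODULE[0] + 0x5000) + clean[10:]
    return [inspect_entry(ENTRY, w, MODULE) for w in (clean, hotpatched, inline)]
```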