ash

Reputation: 1200

Is it possible to inject multiple DLLs with MS Detours?

In C++, I want to hook more than one DLL to a process. Right now I use CreateProcesswithdll(), which can hook only one API at a time. What can I do to inject multiple DLLs?

I came across this problem because MS Detours requires us to name our custom DLL the same as the original DLL in order to properly detour the API calls. So even though I could have different API calls handled in the same detour DLL I created, I need to have different names to hook calls from different APIs, which means I need different detour DLLs. This also means I need to inject different DLLs. Am I right?

If I am unclear about something I will try to present it more clearly :D

Thanks!

P.S.: Just to make my problem more lucid: I need to inject more than one DLL into the same process. CreateProcesswithdll() creates a new process with its thread in a sleep state. It is woken up after Detours has finished injecting the DLL and setting up the hooks. If I want to inject more than one DLL, I obviously can't repeatedly call CreateProcesswithdll().

So what do I do? Or is my understanding about some aspect of this wrong?

Upvotes: 0

Views: 2241

Answers (3)

ash

Reputation: 1200

Seems like DetourAttach and DetourDetach will do the trick for me. Thanks everyone!

I found this blog useful!

Upvotes: 2

Serge Dundich

Reputation: 4439

Obviously you can load any number of DLLs from the first DLL you inject with detours.

EDIT.

When the DLL is loaded, the system runs the DllMain of your DLL (with fdwReason==DLL_PROCESS_ATTACH), and then within that function you can do whatever you like, e.g. you can call LoadLibrary to load other DLLs.

ADD: I totally agree with the comments that calling LoadLibrary from DllMain is unsafe. So you can call LoadLibrary (and all the other tricky things) from a thread created in DllMain.

Upvotes: 1

Bukes

Reputation: 3718

Calling LoadLibrary() and FreeLibrary() is NOT SAFE from DLLMain(). From TFA:

"The entry-point function should perform only simple initialization or termination tasks. It must not call the LoadLibrary or LoadLibraryEx function (or a function that calls these functions), because this may create dependency loops in the DLL load order. This can result in a DLL being used before the system has executed its initialization code. Similarly, the entry-point function must not call the FreeLibrary function (or a function that calls FreeLibrary) during process termination, because this can result in a DLL being used after the system has executed its termination code."

EDIT: Apologies - this was meant as a comment for Serge's answer above.

Upvotes: 2
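The deferred-load approach from Serge Dundich's answer, combined with the DllMain restriction quoted by Bukes, as an added example that is not code from any poster in this thread. The function names, the `C:\hooks\...` paths and the absolute-path check (so the DLL search order never picks the file) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
static void *os_load(const char *path) { return (void *)LoadLibraryA(path); }
#else
/* Stand-in for non-Windows builds so the filtering logic can be exercised. */
static void *os_load(const char *path) { return (void *)path; }
#endif

/* Accept only drive-absolute paths ("C:\dir\x.dll"); bare names would be
   resolved through the DLL search order, which this example avoids. */
static int is_absolute_path(const char *p) {
    return p && strlen(p) > 3 &&
           ((p[0] >= 'A' && p[0] <= 'Z') || (p[0] >= 'a' && p[0] <= 'z')) &&
           p[1] == ':' && (p[2] == '\\' || p[2] == '/');
}

/* Load every listed module; returns how many loaded. Relative names are skipped. */
static size_t load_extra_modules(const char *const *paths, size_t n) {
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        if (is_absolute_path(paths[i]) && os_load(paths[i]) != NULL)
            ok++;
    return ok;
}

#ifdef _WIN32
/* Constructed placeholder paths (hypothetical, not from the thread). */
static const char *const k_extra[] = { "C:\\hooks\\second.dll",
                                       "C:\\hooks\\third.dll" };

/* Worker thread: LoadLibrary is called here, outside DllMain. */
static DWORD WINAPI deferred_init(LPVOID unused) {
    (void)unused;
    load_extra_modules(k_extra, sizeof k_extra / sizeof k_extra[0]);
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved) {
    (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) {
        DisableThreadLibraryCalls(inst);
        /* Only create the thread; waiting on it here would deadlock,
           because DllMain still holds the loader lock. */
        HANDLE t = CreateThread(NULL, 0, deferred_init, NULL, 0, NULL);
        if (t) CloseHandle(t);
    }
    return TRUE;
}
#endif
```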
