Ethan Brown

Reputation: 11

Injecting .dll in windows applications on linux

Hello Stack Overflow community,

Recently I switched from Windows to Linux, and so did all my applications and projects. I think it's the best choice I've ever made, but I'm not sure if that's also the case for injecting Windows DLLs into Windows programs that run with Wine.

I'm aware that .so is the shared library format for Linux, but I can't find an equivalent port of that DLL... I have tried to run Extreme Injector, Xenos injector and also my own written one, which works flawlessly in Windows, with Wine, but that gave me a load of errors and didn't even start those injectors.

The injector I compiled under Windows:

#include <iostream>
#include <cstring>   // strlen
#include <Windows.h>
#include <TlHelp32.h>

// Return the PID of the first process whose executable name matches
// procName (case-insensitive), or 0 if none is found.
DWORD GetProcId(const char* procName)
{
    DWORD procId = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hSnap != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 procEntry;
        procEntry.dwSize = sizeof(procEntry);

        if (Process32First(hSnap, &procEntry))
        {
            do
            {
                if (!_stricmp(procEntry.szExeFile, procName))
                {
                    procId = procEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &procEntry));
        }
        // Close the snapshot only when it was actually created.
        CloseHandle(hSnap);
    }
    return procId;
}

int main()
{
    const char* dllPath = "mydll.dll";
    const char* procName = "program.exe";
    DWORD procId = 0;

    while (!procId)
    {
        procId = GetProcId(procName);
        Sleep(30);
    }

    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, procId);

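    if (hProc && hProc != INVALID_HANDLE_VALUE)
    {
        // Reserve a buffer in the target process to hold the DLL path.
        void* loc = VirtualAllocEx(hProc, 0, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

        if (loc)
        {
            // Copy the path, including the terminating NUL, into that buffer.
            WriteProcessMemory(hProc, loc, dllPath, strlen(dllPath) + 1, 0);

            // Start a thread in the target that calls LoadLibraryA(loc).
            HANDLE hThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, loc, 0, 0);

            if (hThread)
            {
                CloseHandle(hThread);
            }
        }
    }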

    if (hProc)
    {
        CloseHandle(hProc);
    }
    return 0;
}


Why won't my injector in particular work under Wine (and the other ones)? I guess that's a more complicated question than it seems to be at first, but maybe someone knows the answer to that.

I'm just looking for a simple method to inject Windows DLLs into Windows applications running on Linux with Wine. Is there a way to do that? Also, if someone knows how to modify the simple Windows injector code to make it work with Wine and can explain why those particular modifications have to be in place to make it work, it'd be very appreciated.

Thank you for your time.

Greetings

Upvotes: 1

Views: 3794

Answers (1)

Kaki

Reputation: 9

DLL injection should work with Wine, provided that both the injector and the target program run in the same Wine prefix.

You can use MinGW to compile DLLs on Linux.

Keep case sensitivity in mind though: importing Windows.h won't work, while windows.h will import just fine. Here is the code for an example DLL you can use for testing:

#include <windows.h>
#include <cstdio>    // FILE, freopen_s, fclose
#include <iostream>

// Worker thread: opens a console, prints a marker, then unloads the DLL.
DWORD WINAPI MainThread(HMODULE hModule) {
    AllocConsole();
    FILE* f;
    freopen_s(&f, "CONOUT$", "w", stdout);
    std::cout << "TEST" << std::endl;

    fclose(f);
    FreeConsole();
    FreeLibraryAndExitThread(hModule, 0);
    return 0;
}

__declspec(dllexport) BOOL WINAPI APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
    {
        // Do the work on a separate thread so DllMain returns quickly.
        CloseHandle(CreateThread(nullptr, 0, (LPTHREAD_START_ROUTINE)MainThread, hModule, 0, nullptr));
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

As written in the article linked above, you will need to add -shared -Wl,--subsystem,windows when linking.

Upvotes: 0
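
The answer's condition that the injector and the target run in the same Wine prefix can be checked from the Linux side. The following is an added example, not code from the question or the answer: it groups processes by prefix from the contents of /proc/<pid>/environ, using WINEPREFIX and Wine's default of $HOME/.wine. The function names, PIDs and paths are hypothetical, and the sample data is constructed.

```python
import os
from collections import defaultdict


def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE block read from /proc/<pid>/environ."""
    env = {}
    for item in raw.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep and key:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def wine_prefix(env: dict) -> str:
    """Prefix a Wine process uses: $WINEPREFIX, else the default $HOME/.wine."""
    prefix = env.get("WINEPREFIX") or os.path.join(env.get("HOME", "/"), ".wine")
    # normpath drops trailing slashes and "." / ".." so equal paths compare equal.
    # Symlinks are not resolved here.
    return os.path.normpath(prefix)


def group_by_prefix(environs: dict) -> dict:
    """Map prefix path -> sorted PIDs, given {pid: raw environ bytes}."""
    groups = defaultdict(list)
    for pid, raw in environs.items():
        groups[wine_prefix(parse_environ(raw))].append(pid)
    return {prefix: sorted(pids) for prefix, pids in groups.items()}


def read_environ(pid: int) -> bytes:
    """Live use on Linux; requires permission to read the process's environ."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        return fh.read()


# Constructed sample data (hypothetical PIDs and paths), not from a real system.
SAMPLE = {
    4101: b"HOME=/home/user\0WINEPREFIX=/home/user/games/prefix/\0",
    4102: b"HOME=/home/user\0WINEPREFIX=/home/user/games/prefix\0",
    4250: b"HOME=/home/user\0PATH=/usr/bin\0",  # no WINEPREFIX: default prefix
}

if __name__ == "__main__":
    for prefix, pids in group_by_prefix(SAMPLE).items():
        print(prefix, pids)
```

For running processes, build the input with {pid: read_environ(pid)}; two PIDs that land in different groups do not meet the answer's same-prefix condition.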
