WaeV

[C++][C#] True Dll Injection

19 posts in this topic

Tiddy-bits:

Nah. The usual strings.dll method is a bit more straightforward but the obvious downside is having several mods that all require a modified strings.dll.

When Halo launches, it loads every DLL in the /controls folder (for some unknown reason). The downside is that it does this on certain window events so you need two DLLs to pull it off correctly. One 'stub' in /controls that can be safely loaded an infinite number of times and then a second DLL, containing the meat of your mod, outside of the /controls folder that the first DLL will load once and only once.

Strictly speaking, you can do it with a single DLL but it'll cause problems if you wish to unload/reload the DLL (useful during development) since each time Halo tries to load everything in /controls, the reference count for your already resident DLL will be incremented, effectively rendering calls to FreeLibrary useless.

Edited by Btcc22

Unfamiliar with Windows kernel, but personally I'd generally avoid creating threads if possible, and go with swizzling/overriding functions or allocate memory inside another process, write code to it, and somewhere in the original program have it JMP there - I think some people call this creating a code cave. It seems too inconvenient that the only way to inject code is to create a thread inside the target process.


There are definitely alternatives to dll injection. I guess one advantage of dll injection is that it's more... complete, I suppose. If you're only breaking in to do one quick fix, then maybe other lighter methods would work. If you plan on subclassing objects from the target process' source code, a dll may be a better option.


I'm not necessarily stating that dll injection and what I said are mutually exclusive. Imagine that I write a procedure in a dynamic-link library, have it injected/linked into the process, and modify the process' code to call my own procedure.

Edited by nil


Strictly speaking, you can do it with a single DLL but it'll cause problems if you wish to unload/reload the DLL (useful during development) since each time Halo tries to load everything in /controls, the reference count for your already resident DLL will be incremented, effectively rendering calls to FreeLibrary useless.

Is there a problem with just decreasing the loadcount manually via the PEB?


Is there a problem with just decreasing the loadcount manually via the PEB?

It's hacky and I don't like hacky code. :P
