Win32 Programming, Lesson 21: DLL Magic

Where are we?
We've looked at DLLs from a build/link/execute perspective, as well as some more advanced techniques.
Today, we start looking at Thread Local Storage and DLL interception >:)
Thread Local Storage (TLS)
What does the strtok function do? How does it work? What happens in a multithreaded environment?
(Hint: strtok remembers where it got to in a single static pointer between calls, so two threads tokenising at the same time silently overwrite each other's position.)

TLS
Provides a simple method for storing variables on a per-thread basis.
Two types: dynamic and static; we'll be looking at both.
Supporting Structures
So... We call:
DWORD TlsAlloc();
Returns TLS_OUT_OF_INDEXES if no storage is available (check for it every time; the process is only guaranteed TLS_MINIMUM_AVAILABLE = 64 slots). Otherwise returns an index number: one slot that holds a separate pointer-sized value for each thread.
BOOL TlsSetValue(DWORD dwTlsIndex, PVOID pvTlsValue);

Cleaning Up
It's C++, so there's not a lot of cleaning up done for us...
PVOID TlsGetValue(DWORD dwTlsIndex);
BOOL TlsFree(DWORD dwTlsIndex);
Two things to remember: TlsGetValue returns NULL both for a slot nothing has been stored in and on failure, so call GetLastError and check for ERROR_SUCCESS when NULL is a legitimate value. And TlsFree only releases the index; whatever the per-thread pointers point at is still yours to free (typically on DLL_THREAD_DETACH).

Using Static TLS
Can also do this:
__declspec(thread) DWORD gt_dwStartTime = 0;
Creates a .tls section; the loader allocates the necessary storage automatically for every thread.
Caveat: before Windows Vista, static TLS did not work in a DLL brought in with LoadLibrary, because the loader sized each thread's TLS block only for the DLLs present at process start. Use the dynamic API in DLLs that may be loaded late, or require Vista or later.
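The strtok question above and the dynamic TLS API together, as an added example (this is not code from the lecture): a strtok replacement whose save pointer lives in a TLS slot instead of a single static, so each thread tokenises its own string without disturbing the others. The Win32 branch uses exactly the TlsAlloc/TlsSetValue/TlsGetValue/TlsFree calls from the slides; the POSIX branch substitutes the equivalent pthread_key_* calls so the same file also builds and runs on Linux. The helper names, the sample string and the thread count are my own.

```c
/* Added example: per-thread strtok state via dynamic TLS.
 * Win32 branch = the API from the slides; POSIX branch = pthread equivalents. */
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
typedef DWORD  tls_key_t;
typedef HANDLE thread_t;
/* TlsAlloc hands back a slot index; TLS_OUT_OF_INDEXES means none are left. */
static int   tls_key_create(tls_key_t *k)  { *k = TlsAlloc(); return *k != TLS_OUT_OF_INDEXES; }
static void *tls_get(tls_key_t k)          { return TlsGetValue(k); }
static int   tls_set(tls_key_t k, void *v) { return TlsSetValue(k, v) != 0; }
static void  tls_key_delete(tls_key_t k)   { TlsFree(k); }
struct trampoline { void *(*fn)(void *); void *arg; };
static DWORD WINAPI tramp(LPVOID p) {       /* adapt pthread-style fn to CreateThread */
    struct trampoline t = *(struct trampoline *)p; free(p); t.fn(t.arg); return 0;
}
static int thread_start(thread_t *t, void *(*fn)(void *), void *arg) {
    struct trampoline *p = malloc(sizeof *p); if (!p) return 0;
    p->fn = fn; p->arg = arg;
    *t = CreateThread(NULL, 0, tramp, p, 0, NULL);
    return *t != NULL;
}
static void thread_join(thread_t t) { WaitForSingleObject(t, INFINITE); CloseHandle(t); }
#else
#include <pthread.h>
typedef pthread_key_t tls_key_t;
typedef pthread_t     thread_t;
static int   tls_key_create(tls_key_t *k)  { return pthread_key_create(k, NULL) == 0; }
static void *tls_get(tls_key_t k)          { return pthread_getspecific(k); }
static int   tls_set(tls_key_t k, void *v) { return pthread_setspecific(k, v) == 0; }
static void  tls_key_delete(tls_key_t k)   { pthread_key_delete(k); }
static int   thread_start(thread_t *t, void *(*fn)(void *), void *arg) { return pthread_create(t, NULL, fn, arg) == 0; }
static void  thread_join(thread_t t)       { pthread_join(t, NULL); }
#endif

/* One slot index for the whole process; the VALUE stored in it is per thread. */
static tls_key_t g_save_key;

/* Same contract as strtok (string first, NULL to continue, modifies in place),
 * but the "where was I" pointer lives in this thread's TLS slot. */
char *tls_strtok(char *s, const char *delims) {
    if (s == NULL) s = (char *)tls_get(g_save_key);   /* resume this thread's scan */
    if (s == NULL) return NULL;
    s += strspn(s, delims);                            /* skip leading delimiters */
    if (*s == '\0') { tls_set(g_save_key, NULL); return NULL; }
    char *tok = s;
    s += strcspn(s, delims);                           /* find the end of the token */
    if (*s != '\0') *s++ = '\0';                       /* terminate it, step past it */
    tls_set(g_save_key, s);                            /* remember where to resume */
    return tok;
}

struct job { char buf[64]; int tokens; };

/* Each thread tokenises its own buffer and counts what it gets back. */
static void *worker(void *arg) {
    struct job *j = arg;
    for (char *t = tls_strtok(j->buf, " ,"); t != NULL; t = tls_strtok(NULL, " ,")) j->tokens++;
    return NULL;
}

/* Runs n threads concurrently over the same constructed sample text.
 * Returns 1 if every thread counted exactly `expect` tokens; a shared static
 * save pointer (plain strtok) would make this result depend on scheduling. */
int tls_strtok_demo(int n, int expect) {
    static const char SAMPLE[] = "alpha beta,gamma  delta,,epsilon";   /* constructed: 5 tokens */
    if (!tls_key_create(&g_save_key)) return 0;
    struct job *jobs = calloc((size_t)n, sizeof *jobs);
    thread_t *th = calloc((size_t)n, sizeof *th);
    int ok = (jobs != NULL && th != NULL), started = 0;
    for (int i = 0; ok && i < n; i++) {
        strcpy(jobs[i].buf, SAMPLE);
        if (!thread_start(&th[i], worker, &jobs[i])) { ok = 0; break; }
        started++;
    }
    for (int i = 0; i < started; i++) { thread_join(th[i]); if (jobs[i].tokens != expect) ok = 0; }
    free(jobs); free(th);
    tls_key_delete(g_save_key);
    return ok;
}
```

Build with the Win32 branch under MSVC or MinGW and with the POSIX branch under gcc/clang; in both cases tls_strtok_demo(8, 5) should return 1. Note that the index is created once and shared, and only the stored value differs per thread; that distinction is the whole point of the dynamic API.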
DLL Injection
So, life can be interesting. Windows provides limited process isolation, but sometimes we want to "hook" into another process. One way to do this is by leveraging DLLs.

Danger, Will Robinson
Some of these techniques will make global changes to how your computer functions. You need to carefully decide whether to do this on your main machine, or if a VM is a better option. You have been warned!
(That said, I do this all on my own laptop…)
The Trick What are we actually trying to do?
Registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Every DLL named in this value is loaded by user32.dll into each new process that loads user32.dll.
Hmmm. Advantages? Drawbacks?

Drawbacks...
Already-running processes don't pick up the change (in practice, you restart your computer).
Only mapped into processes which load User32.dll.
You're in *every* GUI app... for its entire lifetime.
On Windows 7 and later the value is also gated by LoadAppInit_DLLs (must be 1) and RequireSignedAppInit_DLLs in the same key, and on Windows 8 and later it is ignored entirely when Secure Boot is enabled. Because it is a classic persistence trick, defenders watch writes to this value (Sysmon registry value-set events, for example), so expect it to be noticed.
Better... SetWindowsHookEx
E.g.:
HHOOK hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hinstDll, 0);
Why hinstDll? The hook procedure must live in a DLL: the system maps that DLL into every process in which the hook fires and calls GetMsgProc at the same offset from the DLL's load address, so it needs the module handle to know which DLL to map. The final 0 (dwThreadId) means "every GUI thread on this desktop", i.e. a global hook; pass a thread ID to hook one thread only. A 32-bit DLL will only be mapped into 32-bit processes and a 64-bit DLL only into 64-bit ones, so cover both if you need to.
Walkthrough DIPS