Jump to content
Tuts 4 You

Register a global dll? (also a question about making drivers)

high6

By high6
in Programming and Coding

Recommended Posts

high6

high6

Posted
Posted

Sorry don't know the technical term. How do you register a dll to be loaded into every process? (Also how do you get the list of all the dlls loaded into every process?)

On a side note, is this documentation on writing a driver still good (it is 4-5 years old)? Is there something I should know/worry about when making a driver?

Link to comment
0xFF

0xFF

Posted
Posted (edited)

Developing a device driver isn't a children playground, the most important thing i know about it is ALWAYS use Try/Except to avoid BSOD's.

example:

{
Try
 // Code that fails here
Except
 DbgPrint( .. );
}
Edited by Rot1
Link to comment
Loki

Loki

Posted
Posted

You can do it via registry if you want to but the process must already at minumum import user32.dll

DLLs listed under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs will be loaded into every process so add yours there.

Will probably need a restart to get it going.....

Link to comment
high6

high6

Posted
  • Author
Posted
You can do it via registry if you want to but the process must already at minumum import user32.dll

DLLs listed under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs will be loaded into every process so add yours there.

Will probably need a restart to get it going.....

Thanks :D .

Link to comment
high6

high6

Posted
  • Author
Posted
You can do it via registry if you want to but the process must already at minumum import user32.dll

DLLs listed under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs will be loaded into every process so add yours there.

Will probably need a restart to get it going.....

How do the other programs do it though? Cause Kernel Detective picks up lots of registered dlls, yet none are in there.

Link to comment
Patrickssj6

Patrickssj6

Posted
Posted
Kernel Detective picks up lots of registered dlls, yet none are in there.

Did not understand you clearly !!

He is asking how it is possible that there are other registered dlls running (which he picked up with Kernel Detective) which are not registered in that specified registry entry.

Link to comment
Killboy

Killboy

Posted
Posted

I once had a funny app that loaded a driver which hid all the entries of its dll in all sorts of places, even hid all its files and folders so explorer couldnt see it.

KernelDetective came to rescue, killed the task and removed all the entries and files.

Working fine ever since.

Thanks to GamingMaster and his wonderful tool <3 hehe

Link to comment
GamingMasteR

GamingMasteR

Posted
Posted

Thanks Killboy ^_^

It must hide it's components by kernel level hooks, Kernel Detective can bypass kernel level hooks generically .

But if a DLL unlinks ifself from the process PEB then Kernel Detective can't see it because i don't rely on "MZ" signature scanning or any other method for DLLs detection, actually DLLs is the most neglected part in Kernel Detective :D

Link to comment
high6

high6

Posted
  • Author
Posted

But like for example where is the AVG dll registered?

I have a ton of dlls that are loaded before olly even hooks the process, where are those registered?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...