Quote:
Originally Posted by Yui Funami
and here's how to actually create a .DLL instead of a .CPP:
Stop trying to help ppl if you don't know shit.
A DLL is a file which can be mapped in a process' address space, where it is then called a module.
A DLL uses the same file format as an executable, the PE file format.
The headers only differ in some aspects like the characteristics field, which just tells the loader that the image is a DLL.
Also, the compiler looks for another token (DllMain) to be used as the entry point.
@OP:
I don't understand your question but I will answer something nevertheless:
You can easily compile a DLL by changing some compiler options, most IDEs also have compiler setting templates for this.
Now, to inject a DLL there are two popular options (ofc there are more):
- CreateRemoteThread
- Manual mapping
The first method will remotely allocate a buffer which will hold a string to the path of your DLL.
This is needed because later you will need to (remotely) call LoadLibrary to map your DLL into the (remote) process,
whereby LoadLibrary's only parameter needs to be initialized with a pointer to the path in the current address space.
Since LoadLibrary also needs to be called remotely, you can use CreateRemoteThread to execute LoadLibrary
with the argument being a local string to your path.
The cool thing about this method is that the Windows loader will almost do everything for you
(i.e. calling the DLL entry point, mapping headers/sections and especially mapping dependencies).
The manual mapping method was invented because several anti-cheats
intercepted calls to LoadLibrary and checked the legitimacy of the call.
(e.g. by utilizing a white-list of dependencies and comparing the path against this list)
So, manual mapping is nothing else than emulating the behavior of LoadLibrary.
This involves allocating a buffer for the main file, copying the headers / sections, relocating the image,
filling the IAT and mapping all other needed dependencies recursively and calling the entry point.
Another advantage of manual mapping is that there will be no entry in the PEB module lists.
Optionally, some injectors cut away the DOS header, which can be searched for and also be checked against a white-list.
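Two points in the post above lend themselves to a worked example from the defender's side: the PE header difference between an EXE and a DLL (the `Characteristics` field carrying `IMAGE_FILE_DLL`), and the fact that a manually mapped image leaves no entry in the PEB module list and may have its DOS header stripped. The Python below is an added example, not code from the post or its author. It parses just enough of a PE header to tell a DLL from an EXE and read the entry-point RVA, then runs a detection heuristic over a constructed snapshot of a process: executable regions that no loader-listed module covers are flagged, and the PE parser is used to say whether such a region still carries headers. The `Region` records and the `peb_modules` dictionary are stand-ins, built inline, for what an agent would otherwise collect with `VirtualQueryEx` and a walk of the loader's module list; the minimal PE images are also constructed here and are not real binaries.

```python
import struct
from dataclasses import dataclass

# Characteristics bits from IMAGE_FILE_HEADER (winnt.h values).
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000


def parse_pe_characteristics(image: bytes):
    """Return (is_dll, entry_rva) for a PE image, or None if the bytes do not start with a PE header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    # Need the 4-byte signature plus the 20-byte IMAGE_FILE_HEADER.
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    _, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    opt_off = e_lfanew + 24
    # AddressOfEntryPoint sits at offset 16 of the optional header in both PE32 and PE32+.
    entry_rva = 0
    if opt_size >= 20 and opt_off + 20 <= len(image):
        entry_rva = struct.unpack_from("<I", image, opt_off + 16)[0]
    return bool(chars & IMAGE_FILE_DLL), entry_rva


def build_minimal_pe(is_dll: bool, entry_rva: int = 0x1000) -> bytes:
    """Constructed sample: DOS stub, PE signature, file header and a zeroed PE32+ optional header."""
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after the DOS header
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


@dataclass
class Region:
    """Stand-in for one VirtualQueryEx result (assumption: fields mirror MEMORY_BASIC_INFORMATION)."""
    base: int
    size: int
    protect: str   # e.g. "PAGE_EXECUTE_READ", "PAGE_READWRITE"
    kind: str      # "MEM_IMAGE" (section-backed) or "MEM_PRIVATE" (VirtualAlloc'd)
    head: bytes    # first bytes of the region, as read from the target


def find_unlisted_executable_regions(regions, peb_modules):
    """Flag executable regions not covered by any module in the loader list.

    peb_modules maps module base -> (size, name), as the PEB's InLoadOrderModuleList would give it.
    """
    findings = []
    for r in regions:
        if "EXECUTE" not in r.protect:
            continue
        covered = any(base <= r.base < base + size for base, (size, _) in peb_modules.items())
        if covered:
            continue
        hdr = parse_pe_characteristics(r.head)
        if hdr is None:
            reason = f"{r.kind} executable region with no PE header (headers stripped or raw code)"
        else:
            what = "DLL" if hdr[0] else "image"
            reason = f"{r.kind} executable region with a PE header but no loader entry (manually mapped {what})"
        findings.append((r.base, reason))
    return findings


def demo_findings():
    """Constructed process snapshot: one legitimate module, one manually mapped DLL, one header-stripped image."""
    peb_modules = {0x7FF6_0000_0000: (0x20000, "game.exe")}
    regions = [
        Region(0x7FF6_0000_0000, 0x20000, "PAGE_EXECUTE_READ", "MEM_IMAGE", build_minimal_pe(False)),
        Region(0x1A0000, 0x8000, "PAGE_EXECUTE_READWRITE", "MEM_PRIVATE", build_minimal_pe(True)),
        Region(0x2B0000, 0x8000, "PAGE_EXECUTE_READ", "MEM_PRIVATE", b"\x00" * 0x40),
        Region(0x3C0000, 0x10000, "PAGE_READWRITE", "MEM_PRIVATE", b"\x00" * 0x40),  # heap, ignored
    ]
    return find_unlisted_executable_regions(regions, peb_modules)


if __name__ == "__main__":
    print(parse_pe_characteristics(build_minimal_pe(True)))   # (True, 4096)
    for base, reason in demo_findings():
        print(f"{base:#x}: {reason}")
```

The heuristic is deliberately simple: a region that is executable, not covered by a listed module, and `MEM_PRIVATE` rather than section-backed is exactly what the manual-mapping flow in the post produces (allocate a buffer, copy sections, never register with the loader). Legitimate JIT compilers and some packers produce the same signature, so in practice the output is a candidate list for further checks, not a verdict.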