connection between .dll and .exe

[badforce788]

hi guys! i have .exe(injector) and .dll projects. i want to know which injector my .dll project interacts with. i will terminate if my injector is not used. how can I do that? thanks!

[syntex]

Did you code them by your self? doesnt sound like :/

Maybe give more information about your projects, post snippets, ref to links so we can help you

We need more information hehe

[hanibalbin]

I don’t think you have a method of doing that, it is loaded in memory by the injector and does not load anything else but the dll ( for example a signature or the name of the injector)

So the only thing you can do ia make a database of injector names and if that process exists unload the dll.

Ofcourse you can’t really do that since you can code one by yourself and give it a random name but there are also some that randomize the window amd process name every time they are ran.

TLDR: i don’t think you can

[StackOverflowed]

You can use HMAC to securely verify that your .dll is being used by your own exe

[wurstbrot123]

Your request probly has to do with licensing and its just much easier, and better to put license checks in the dll as well. There are ways to make it more difficult to use a different injector, but its all not to hard to find out.
A very easy example would be to let your injector write something to the dll memory
in ram, and if the dll doesnt find it, it quits. If you know how to code you can
produce a lot of different methods that make it harder to use a different injector.
More advanced methods could also be to **** with the NT Header and use manual injection. For example Encrypt important parts of the NT Header of your dll and let your loader decrypt it and inject it.
Also Communication methods like named pipes could be used between injector and dll
and and and.....

edit: i fell into a grave

[normality.cc]

Quote:

Originally Posted by badforce788

hi guys! i have .exe(injector) and .dll projects. i want to know which injector my .dll project interacts with. i will terminate if my injector is not used. how can I do that? thanks!

1. Shared Secret: Have your injector write a unique value (like a hardcoded GUID or HMAC key) into a specific memory address or a named pipe before injection.
2. DLL Check: Inside your DLL’s `DllMain`, read that memory/pipe. If the value doesn’t match, `FreeLibrary` and bail.

cpp:

// Injector:

Code:

WriteProcessMemory(hTargetProc, lpRemoteAddr, &SECRET_KEY, sizeof(SECRET_KEY), NULL);

// DLL:

Code:

if (memcmp(&local_key, &SECRET_KEY, sizeof(SECRET_KEY)) != 0) {  
    FreeLibraryAndExitThread(hModule, 0);  
}

Note: This is trivial to bypass if someone reverses your binary. For stronger protection, obfuscate/encrypt the check or use manual mapping with header decryption (as wurstbrot123 suggested).

—

P.S. StackOverflowed’s HMAC idea works too, but requires the injector to sign the DLL pre-injection (or embed a signature). Overkill unless you’re paranoid.