Win32 Programming Lesson 21: DLL Magic
Where are we?
• We’ve looked at DLLs from a build/link/execute perspective, as well as some more advanced techniques
• Today, start looking at Thread Local Storage and DLL interception >:)

Thread Local Storage (TLS)
• What does the strtok function do?
• How does it work?
• What happens in a multithreaded environment?

TLS
• Provides simple method for storing variables on a per-thread basis
• Two types: dynamic and static; we’ll be looking at both.

So…
• We call:
  • DWORD TlsAlloc();
    • Returns TLS_OUT_OF_INDEXES if no storage is available
    • Else, returns an index number which can be used to store a DWORD
  • BOOL TlsSetValue(DWORD dwTlsIndex, PVOID pvTlsValue);

Cleaning Up
• It’s C++, so there’s not a lot of cleaning up done for us…
• PVOID TlsGetValue(DWORD dwTlsIndex);
• BOOL TlsFree(DWORD dwTlsIndex);

Using Static TLS
• Can also do this:
  • __declspec(thread) DWORD gt_dwStartTime = 0;
• Creates a .tls section
• Allocates the necessary storage automatically
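The strtok question and the per-thread storage pattern from the TLS slides, as an added example that is not part of the lecture: a strtok-style tokenizer whose hidden "where was I" cursor lives in a TLS slot instead of a single static variable, plus a static-TLS counter. It is written against POSIX pthread keys so it builds and runs off Windows; the Win32 call each line corresponds to (TlsAlloc, TlsSetValue, TlsGetValue, TlsFree, __declspec(thread)) is noted in the comments. The function names and the sample strings are this example's own.

```c
/* Added example (not from the lecture): the strtok problem solved with TLS.
 * strtok keeps its cursor in ONE static variable, so two threads tokenizing
 * at the same time clobber each other.  Giving each thread its own cursor
 * slot fixes that.  Written against POSIX pthread keys so it builds off
 * Windows; the Win32 equivalents are noted inline:
 *   pthread_key_create  ~ TlsAlloc
 *   pthread_setspecific ~ TlsSetValue
 *   pthread_getspecific ~ TlsGetValue
 *   pthread_key_delete  ~ TlsFree
 *   _Thread_local       ~ __declspec(thread)   (static TLS)
 * Function names and sample strings are this example's own. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Dynamic TLS: one key (one TlsAlloc index) shared by every thread; each
 * thread stores its own cursor pointer under it. */
static pthread_key_t cursor_key;
static pthread_once_t cursor_once = PTHREAD_ONCE_INIT;

static void create_cursor_key(void) {
    pthread_key_create(&cursor_key, NULL);       /* ~ TlsAlloc() */
}

/* Static TLS: one copy of this counter per thread, no API calls needed. */
static _Thread_local int tokens_seen = 0;        /* ~ __declspec(thread) */

/* strtok-compatible tokenizer whose cursor lives in the calling thread's
 * slot.  Call with a string to start, then with NULL to continue. */
char *tls_strtok(char *s, const char *delim) {
    pthread_once(&cursor_once, create_cursor_key);
    char *cur = s ? s : (char *)pthread_getspecific(cursor_key); /* ~ TlsGetValue */
    if (cur == NULL)
        return NULL;
    cur += strspn(cur, delim);                   /* skip leading delimiters */
    if (*cur == '\0') {                          /* nothing left to return */
        pthread_setspecific(cursor_key, NULL);
        return NULL;
    }
    char *tok = cur;
    cur += strcspn(cur, delim);                  /* find the end of this token */
    if (*cur != '\0')
        *cur++ = '\0';                           /* terminate token, step past delimiter */
    else
        cur = NULL;                              /* token ran to end of string */
    pthread_setspecific(cursor_key, cur);        /* ~ TlsSetValue */
    tokens_seen++;
    return tok;
}

/* How many tokens tls_strtok has returned on the calling thread. */
int tokens_in_this_thread(void) { return tokens_seen; }

/* Tokenize a copy of s on the calling thread; returns its token count. */
int count_in_this_thread(const char *s) {
    char buf[64];
    snprintf(buf, sizeof buf, "%s", s);
    int n = 0;
    for (char *t = tls_strtok(buf, " ,"); t != NULL; t = tls_strtok(NULL, " ,"))
        n++;
    return n;
}

struct job { const char *text; int count; };

static void *count_tokens(void *arg) {
    struct job *j = arg;
    count_in_this_thread(j->text);               /* tokenizes on the worker */
    j->count = tokens_in_this_thread();          /* the worker's own TLS copy */
    return NULL;
}

/* Tokenize s on a fresh worker thread; returns the worker's own counter. */
int tokens_in_worker(const char *s) {
    struct job j = { s, 0 };
    pthread_t th;
    if (pthread_create(&th, NULL, count_tokens, &j) != 0)
        return -1;
    pthread_join(th, NULL);
    return j.count;
}

/* The scenario plain strtok gets wrong: take the first token of a here, let
 * a worker thread tokenize b in the middle, then finish a.  With one shared
 * static cursor the worker would leave it pointing into b (or at NULL) and
 * we would stop early; with TLS every token of a is still found.
 * Returns the number of tokens in a. */
int interleaved_count(const char *a, const char *b) {
    char abuf[64];
    snprintf(abuf, sizeof abuf, "%s", a);
    if (tls_strtok(abuf, " ,") == NULL)
        return 0;
    int n = 1;
    tokens_in_worker(b);                         /* worker runs to completion */
    while (tls_strtok(NULL, " ,") != NULL)       /* our cursor is untouched */
        n++;
    return n;
}

int main(void) {
    printf("tokens of 'one two three' with a worker interrupting: %d\n",
           interleaved_count("one two three", "a,b,c,d"));
    printf("worker counted %d, this thread has counted %d\n",
           tokens_in_worker("a,b,c,d"), tokens_in_this_thread());
    pthread_key_delete(cursor_key);              /* ~ TlsFree */
    return 0;
}
```

The point to take from interleaved_count is that the index returned by TlsAlloc (here the pthread key) is global, but the value stored under it is per-thread, so the worker's calls to TlsSetValue never disturb the first thread's cursor; tokens_in_worker shows the same property for static TLS, since the worker's tokens_seen starts at zero and the calling thread's copy is not changed.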
DLL Injection
• So, life can be interesting
• Windows provides limited process isolation
• But sometimes we want to “hook” into another process
• One way to do this is by leveraging DLLs

Danger, Will Robinson
• Some of these techniques will make global changes to how your computer functions. You need to carefully decide whether to do this on your main machine, or if a VM is a better option. You have been warned!
• (That said, I do this all on my own laptop…)

The Trick
• What are we actually trying to do?

Registry
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
• Hmmm. Advantages? Drawbacks?

Drawbacks…
• You must restart your computer
• Only mapped into processes which use User32.dll
• You’re in *every* GUI app…
• … for its entire lifetime

Better…
• SetWindowsHookEx
• E.g.: HHOOK hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hinstDll, 0);
• Why hinstDll?

Walkthrough
• DIPS