Win32 Programming

babu
  1. Win32 Programming Lesson 21: DLL Magic

  2. Where are we? • We’ve looked at DLLs from a build/link/execute perspective, as well as some more advanced techniques • Today, start looking at Thread Local Storage and DLL interception >:)

  3. Thread Local Storage (TLS) • What does the strtok function do? • How does it work? • What happens in a multithreaded environment?

  4. TLS • Provides simple method for storing variables on a per-thread basis • Two types: dynamic and static; we’ll be looking at both.

  5. Supporting Structures

  6. So… • We call: • DWORD TlsAlloc(); • Returns TLS_OUT_OF_INDEXES if no storage is available • Else, returns an index number which can be used to store a DWORD • BOOL TlsSetValue(DWORD dwTlsIndex, PVOID pvTlsValue);

  7. Cleaning Up • It’s C++, so there’s not a lot of cleaning up done for us… • PVOID TlsGetValue(DWORD dwTlsIndex); • BOOL TlsFree(DWORD dwTlsIndex);

  8. Using Static TLS • Can also do this: • __declspec(thread) DWORD gt_dwStartTime = 0; • Creates a .tls section • Allocates the necessary storage automatically
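The strtok question on slide 3 and the TlsAlloc/TlsSetValue/TlsGetValue calls on slides 6 and 7, worked through as an added example (not from the lecture): a strtok-style tokenizer whose "resume here" cursor is kept in dynamic TLS, so each thread tokenizes its own string with no shared global. The pthread branch is an assumed portability shim so it also builds off Windows; the job strings are constructed sample input.

```c
#include <string.h>
struct job { char text[64]; const char *delim; int expected; int got; };
static void worker(struct job *j);
#ifdef _WIN32                /* Win32 dynamic TLS, as on the slides */
#include <windows.h>
static DWORD g_tls = TLS_OUT_OF_INDEXES;
static int tls_init(void) { if (g_tls == TLS_OUT_OF_INDEXES) g_tls = TlsAlloc(); return g_tls != TLS_OUT_OF_INDEXES; }
static void *tls_get(void) { return TlsGetValue(g_tls); }
static void tls_set(void *p) { TlsSetValue(g_tls, p); }
static DWORD WINAPI trampoline(LPVOID a) { worker(a); return 0; }
static void run_jobs(struct job *j, int n) {
    HANDLE h[4];
    for (int i = 0; i < n; i++) h[i] = CreateThread(NULL, 0, trampoline, &j[i], 0, NULL);
    WaitForMultipleObjects(n, h, TRUE, INFINITE);
    for (int i = 0; i < n; i++) CloseHandle(h[i]);
}
#else                        /* assumed pthread shim so the demo also builds off Windows */
#include <pthread.h>
static pthread_key_t g_key; static int g_ready;
static int tls_init(void) { if (!g_ready) g_ready = pthread_key_create(&g_key, NULL) == 0; return g_ready; }
static void *tls_get(void) { return pthread_getspecific(g_key); }
static void tls_set(void *p) { pthread_setspecific(g_key, p); }
static void *trampoline(void *a) { worker(a); return NULL; }
static void run_jobs(struct job *j, int n) {
    pthread_t t[4];
    for (int i = 0; i < n; i++) pthread_create(&t[i], NULL, trampoline, &j[i]);
    for (int i = 0; i < n; i++) pthread_join(t[i], NULL);
}
#endif
/* Like strtok, but the "resume here" cursor is per thread instead of a global. */
char *tls_strtok(char *s, const char *delim) {
    char *p = s ? s : (char *)tls_get();
    if (!p) return NULL;
    p += strspn(p, delim);                    /* skip leading delimiters */
    if (*p == '\0') { tls_set(NULL); return NULL; }
    char *tok = p;
    p += strcspn(p, delim);                   /* find the end of this token */
    if (*p) *p++ = '\0';
    tls_set(p);                               /* saved in this thread's slot only */
    return tok;
}
static void worker(struct job *j) {           /* count tokens in this thread's own string */
    for (char *t = tls_strtok(j->text, j->delim); t; t = tls_strtok(NULL, j->delim)) j->got++;
}
int run_demo(void) {                          /* returns how many threads got the right count */
    struct job jobs[2] = { { "GET /index.html HTTP/1.1", " ", 3, 0 }, { "a,b,c,d,e", ",", 5, 0 } };
    if (!tls_init()) return -1;               /* TLS_OUT_OF_INDEXES (or key failure) */
    run_jobs(jobs, 2);
    return (jobs[0].got == jobs[0].expected) + (jobs[1].got == jobs[1].expected);
}
```

With a plain strtok the two workers would share one static cursor and the counts could come out wrong or the tokenizer could walk off one buffer into the other; here each thread only ever reads and writes its own slot.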

  9. DLL Injection • So, life can be interesting • Windows provides limited process isolation • But sometimes we want to “hook” into another process • One way to do this is by leveraging DLLs

  10. Danger, Will Robinson • Some of these techniques will make global changes to how your computer functions. You need to carefully decide whether to do this on your main machine, or if a VM is a better option. You have been warned! • (That said, I do this all on my own laptop…)

  11. The Trick • What are we actually trying to do?

  12. Registry • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs • Hmmm. Advantages? Drawbacks?

  13. Drawbacks… • You must restart your computer • Only mapped into processes which use User32.dll • You’re in *every* GUI app… • … for its entire lifetime

  14. Better… • SetWindowsHookEx • E.g.: HHOOK hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hinstDll, 0); • Why hinstDll?

  15. Walkthrough • DIPS
