devilsclaw

A Tip for you people and dlls

When a DLL is loaded into a program, forced or normal, it has an area that is always called no matter what.

between
dllEntry PROC
dllEntry endp

it is always called

So if you want to find the current process that calls that DLL, all you have to do is:

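code:
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE                     ; the MASM32 include files expect case-sensitive symbols

INCLUDE \masm32\include\Windows.inc
INCLUDE \masm32\include\Kernel32.inc
INCLUDE \masm32\include\User32.inc
INCLUDELIB \masm32\lib\Kernel32.lib
INCLUDELIB \masm32\lib\User32.lib

.DATA
WindowName db "The Names of the window",0

.DATA?
Finished dword ?                        ; set to 1 once the handle has been obtained
BLANK2   dword ?                        ; receives the window owner's process ID
FoundIT  dword ?                        ; receives the process handle

.CODE
dllEntry PROC hInstance:DWORD,fdwReason:DWORD,lpvReserved:DWORD
    cmp Finished,01h                    ; the entry point runs on every attach/detach
    je YepFinished
    invoke FindWindowA,NULL,offset WindowName
    cmp eax,00h                         ; no window with that title
    je YepFinished
    mov Finished,01
    invoke GetWindowThreadProcessId,eax,offset BLANK2
    invoke OpenProcess,PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,0,BLANK2
    mov FoundIT,eax
YepFinished:
    mov eax,TRUE                        ; a zero return on process attach makes the load fail
    ret
dllEntry endp
END dllEntry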
FoundIT has what you need.

I'm posting this for people who want to know this, because no one would help me with it, so I figure others did too.

This is helpful if you use a hooked DLL and you want to process something once the DLL is loaded into the program's memory.

Last edited by bitRAKE on January 2nd, 2003 at 01:35 PM

Posted December 15th, 2002 07:23 PM

Fake51

Uhmm ...... Not to bother you, but ....

quote:

so if you want to find the current process that calls that dll all you have to do is.

It won't find the current process, but just the process with the window named "The Names of the window" ..... or am I mistaken?

Far as I can see, you have to give it a name of some window, for it to work. Or will FindWindow return a handle to the topmost window of the current process? Seems unlikely to me.

Fake

Posted December 15th, 2002 09:19 PM

devilsclaw

Well, true, but it does do what I said also, just a different way of doing it. I'm sure if you don't know the name of the window you will need to try a different approach.

Posted December 15th, 2002 10:00 PM

stormix

Hi,

Since your DLL is run as the process that calls it, all you need to do is:

code:
invoke GetCurrentProcessId
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,eax

But since you're run as the current process, you don't need to use WriteProcessMemory, CreateRemoteThread, etc.; you can just do it.

-stormix

Posted December 15th, 2002 11:09 PM

devilsclaw

Well, I found a new way to get the process info that is faster, and you don't need the window's name.

This will get the ID of the current process that your DLL is in.

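code:
dllEntry PROC hInstance,fdwReason,lpvReserved
    .IF fdwReason==DLL_PROCESS_ATTACH
        call addon_02                   ; poster's own routine, not shown in the thread
        invoke GetCurrentProcessId      ; takes no arguments; returns the host process ID in eax
        invoke OpenProcess,PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,0,eax
        mov ReturnValue,eax             ; process handle, or NULL if OpenProcess failed
    .ELSEIF fdwReason==DLL_PROCESS_DETACH
    .ENDIF
    mov eax,1                           ; TRUE, so the load continues
    ret
dllEntry ENDP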

Last edited by bitRAKE on January 2nd, 2003 at 01:37 PM

Posted January 2nd, 2003 09:54 AM

All times are GMT.
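
An added example, not part of any post in this thread: a minimal MASM32 DLL entry point built on stormix's observation that the DLL already runs inside the host process. It records the host's process ID and executable path and uses the GetCurrentProcess pseudo-handle, so no OpenProcess handle is left open; the names HostPid, HostHandle and HostPath are assumptions.

```masm
; Added example. HostPid, HostHandle and HostPath are illustrative names.
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE

INCLUDE \masm32\include\windows.inc
INCLUDE \masm32\include\kernel32.inc
INCLUDELIB \masm32\lib\kernel32.lib

.DATA?
HostPid     DWORD ?                  ; ID of the process this DLL was loaded into
HostHandle  DWORD ?                  ; pseudo-handle for that process
HostPath    BYTE MAX_PATH dup(?)     ; path of the host executable (zero-filled at load)

.CODE
dllEntry PROC hInstance:DWORD, fdwReason:DWORD, lpvReserved:DWORD
    .IF fdwReason == DLL_PROCESS_ATTACH
        ; Nothing is done per thread, so stop thread attach/detach notifications.
        invoke DisableThreadLibraryCalls, hInstance

        invoke GetCurrentProcessId
        mov HostPid, eax

        ; The pseudo-handle is valid only inside this process, carries full
        ; access to it, and needs no CloseHandle, unlike an OpenProcess handle.
        invoke GetCurrentProcess
        mov HostHandle, eax

        ; A NULL module handle means the executable that started the process.
        ; Passing MAX_PATH-1 keeps the last zero byte as a terminator even
        ; if the path is truncated.
        invoke GetModuleFileNameA, NULL, ADDR HostPath, MAX_PATH-1
        .IF eax != 0
            invoke OutputDebugStringA, ADDR HostPath
        .ENDIF
    .ENDIF
    ; Only kernel32 calls are made here: the entry point runs while the
    ; loader lock is held, which is why user32 calls such as FindWindow
    ; are best kept out of it.
    mov eax, TRUE                    ; nonzero lets the load continue
    ret
dllEntry ENDP
END dllEntry
```

Assemble with `ml /c /coff` and link with `link /DLL /SUBSYSTEM:WINDOWS`; the recorded path then shows up in a debugger or any debug-output viewer when the DLL is loaded.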