ticky

im in ur web site

  • she/her

web dracat

made:
internet-ti.me, @Watch, Wayback Classic, etc.

avatars appearing:

in 2D by nox lucent
in 3D by Zcythe

"If it were me, I'd have [changed] her design to make [her species] more visually clear" - some internet rando

I post embeds of other people's things at @ticky-reposts



is there a name for the thing where you load a proxy DLL to override behaviour of an actually-unrelated function in Windows? like those controller emulator things which hook direct3d? I have a use case but have no idea how you actually do it or what it's called



in reply to @ticky's post:

DLL injection/hooking. easiest way is probably utilizing an existing call to LoadLibrary within the application, otherwise you can force-inject a DLL in a few different ways

edit to further expand:
it's the same thing whether you're proxying an existing DLL or loading a brand new one. once you're in, you're executing code as the process, so you can hook any function from any loaded DLL or the executable itself.
regardless of the method or application, "DLL injection" is sort of the default/most common term.
you may want to check out MS Detours, it's a useful library that simplifies the whole process quite a bit and also provides a mechanism for injecting DLLs both at launch and into already running processes

in this case I am hoping to use the default DLL loading behaviour to let me add a DLL which injects my code and then passes control to the "real" DLL the program was looking for, but it's not entirely clear how I would use Detours for that, as I am not a skilled Windows C++ programmer haha

so, the passing control part is going to be somewhat annoying. when an application loads a DLL, it then uses its handle to import its functions - so if you replace an existing DLL, you then have to manually export all of its functions within your DLL.

you can do this with an EXPORTS definition file or with /EXPORT using the other_module.exported_name syntax in both cases. however, for that to work, the other module has to have a different name - so you can only use this if you can copy/rename the original DLL.

if you want to replace a system DLL, this obviously won't work. even though i'm sure there's some smart solution to this problem, it's way easier to just use another DLL as a starting point, or use detours (or any other similar tool) as a loader for a new, previously unreferenced one

edit again: as an alternative to forwarding the exports, you can also just LoadLibrary within your DLL, import and load all the functions, then create your own function definitions that match the signature, and just __asm { jmp OriginalFunction }. obviously this results in a shit ton of boilerplate code and probably isn't worth the effort if the original DLL has more than a few exported functions

also thought i'd mention, if you'd like an example of DLL injection + passthrough using the "alternative" method (exploit existing loading code, then LoadLibrary + manual exports for "real" functions), i do exactly that in one of my projects, specifically this part, where i replace some functions and pass the rest to the original DLL. see imports.c, GliFixVf.c, and their respective headers (also fix.c for detours usage). sorry for lack of comments, hopefully it's at least somewhat understandable, if not i can explain in more detail
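As an added example (not from this thread or the poster's project), here is the defender's-side counterpart of the export-forwarding trick discussed above: a small PE export-table parser that lists each export's forwarder string and flags exports forwarded to a module named like the DLL itself plus a suffix, the copy/rename pattern a proxy DLL relies on to reach the original. The PE32+ image it inspects is constructed in memory, and the dinput8 / dinput8_orig names are assumptions chosen for the sample.

```python
import struct

def _cstr(d, o): return d[o:d.index(b"\0", o)].decode()

def _rva_to_off(data, rva):  # map an RVA to a file offset through the section table (they differ in real files)
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    for i in range(nsec):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, pe + 24 + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is outside every section")

def exports_with_forwarders(data):
    """Return (dll_name, [(export_name, forwarder_string_or_None), ...]) from a PE image's export table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    assert data[pe:pe + 4] == b"PE\0\0", "not a PE image"
    dd = pe + 24 + (112 if struct.unpack_from("<H", data, pe + 24)[0] == 0x20B else 96)  # export data directory
    exp_rva, exp_size = struct.unpack_from("<II", data, dd)
    ed = _rva_to_off(data, exp_rva)
    name_rva, base, nfuncs, nnames, f_rva, n_rva, o_rva = struct.unpack_from("<7I", data, ed + 12)
    n_tbl, o_tbl = _rva_to_off(data, n_rva), _rva_to_off(data, o_rva)
    names = {struct.unpack_from("<H", data, o_tbl + 2 * i)[0]:  # ordinal index -> export name
             _cstr(data, _rva_to_off(data, struct.unpack_from("<I", data, n_tbl + 4 * i)[0])) for i in range(nnames)}
    out = []
    for i in range(nfuncs):
        frva = struct.unpack_from("<I", data, _rva_to_off(data, f_rva) + 4 * i)[0]
        if frva:  # an address that lands inside the export directory is a "module.function" string, not code
            fwd = _cstr(data, _rva_to_off(data, frva)) if exp_rva <= frva < exp_rva + exp_size else None
            out.append((names.get(i, f"#{base + i}"), fwd))
    return _cstr(data, _rva_to_off(data, name_rva)), out

def proxy_style_forwarders(data):
    """Exports forwarded to a module named like the DLL itself plus a suffix (dinput8 -> dinput8_orig), the copy/rename pattern a proxy DLL uses to reach the real library."""
    own, exports = exports_with_forwarders(data)
    stem = own.lower().rsplit(".", 1)[0]
    mods = [(n, f, f.split(".", 1)[0].lower()) for n, f in exports if f]
    return [(n, f) for n, f, m in mods if m != stem and m.startswith(stem)]

def build_sample_proxy_dll():
    """Constructed PE32+ image (not a real file): dinput8.dll forwards DirectInput8Create to dinput8_orig and keeps DllCanUnloadNow local."""
    rva, off, n, strs, rvas = 0x1000, 0x200, 2, bytearray(), []
    for s in (b"dinput8.dll", b"DirectInput8Create", b"DllCanUnloadNow", b"dinput8_orig.DirectInput8Create"):
        rvas.append(rva + 40 + 10 * n + len(strs)); strs += s + b"\0"  # strings sit right after the three tables
    body = struct.pack("<IIIIHH", rvas[3], 0x2010, rvas[1], rvas[2], 0, 1) + bytes(strs)  # funcs, names, ordinals
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, rvas[0], 1, n, n, rva + 40, rva + 48, rva + 56) + body
    opt = bytearray(240); struct.pack_into("<H", opt, 0, 0x20B); struct.pack_into("<III", opt, 108, 16, rva, len(edata))
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
           + bytes(opt) + b".edata\0\0" + struct.pack("<IIII", len(edata), rva, 0x200, off) + bytes(16))
    img = bytearray(0x400); img[:len(hdr)] = hdr; img[off:off + len(edata)] = edata; return bytes(img)
```

Pointing exports_with_forwarders at a real DLL read from disk works the same way; a system DLL legitimately forwarding to a differently named module (such as ntdll) is not flagged by the stem heuristic, only the same-stem rename pattern is.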