Thread: DllMain Malfunctions

  1. #1
    Rat with a C++ compiler Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    203

    DllMain Malfunctions

    I have read that there are some things that can "freeze" or halt the execution of DllMain if you do anything "interesting" directly in the main function. I've also heard that all this can be avoided by just wrapping what you want to do within a function and passing DllMain that function on DLL_PROCESS_ATTACH. My only question is what kind of things can you not do in DllMain and would wrapping them actually solve this problem? I am having trouble with a library executing even though everything that it does is wrapped within a function.

    (P.S. Yes, I know the rules of the forum, understand the value of the rules themselves and will not ask for help with code or share any that could be considered malicious. (I read a similar thread posted a small while ago.))
    How to ask smart questions
    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesOverwritten);

  2. #2
    - - - - - - - - oogabooga's Avatar
    Join Date
    Jan 2008
    Posts
    2,808
    This is clearly a "Windows" question.

    The "warning" at DllMain entry point says that you should create an "initialization routine" that apps must call before calling other routines.
    The cost of software maintenance increases with the square of the programmer's creativity. - Robert D. Bliss

  3. #3
    Rat with a C++ compiler Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    203
    I suppose so. I will look into initialization routines. I read (skimmed) that MSDN entry before but I just didn't put much into that because what I am doing has worked before. It must have something to do with the update to the compiler. Oh well; with updates comes compromise.
    How to ask smart questions
    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesOverwritten);

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Is DllMain's DLL_PROCESS_DETACH called when process is killed?
    By chiefmonkey in forum Windows Programming
    Replies: 3
    Last Post: 10-09-2009, 02:03 AM
  2. Should I export DllMain() function?
    By chiefmonkey in forum Windows Programming
    Replies: 4
    Last Post: 07-12-2009, 05:32 AM
  3. DllMain not being called!
    By Yarin in forum Windows Programming
    Replies: 3
    Last Post: 06-26-2008, 09:06 PM
  4. DllMain implementation
    By George2 in forum C++ Programming
    Replies: 48
    Last Post: 02-15-2008, 03:52 AM
  5. DllMain
    By George2 in forum C Programming
    Replies: 1
    Last Post: 10-19-2007, 02:33 AM