I know how to create a dll and link a program to that dll. But I have seen code for and heard of dlls that are executed everytime a program is. Somthing to the effect of CBT dlls? How do you make these?
Printable View
I know how to create a dll and link a program to that dll. But I have seen code for and heard of dlls that are executed everytime a program is. Somthing to the effect of CBT dlls? How do you make these?
An executable only used the DLL's that it's linked against [or that it's DLL's are linked against]. Of course, some DLL's will be used by just about any application, such as kernel32.dll - even if the app itself isn't making system calls directly, it's pretty darn difficult to NOT make some system call throughout the entire program [and still do something meaningful within the program].
--
Mats
Actually, there's a registry in NT-based systems that lists DLLs that are loaded into every process. Global hooks also involve DLLs being loaded into every process. Jeffrey Richter's "Programming Applications for Microsoft Windows" contains a whole chapter on DLL injection.
The only DLLs that are always loaded into every application are kernel32.dll and ntdll.dll since they participate in the initialization and/or exiting of the application. Ntdll does some general initialization and kernel32.dll calls the program entry point.
Well, technically global DLLs don't exist. Applications cannot share initialized memory, so they also cannot share DLL modules.
I didn't want to use any hooks for "injection". If do, then security systems will say "this program's actions could harm your computer" which isn't so bad, it's just that almost everyone interprets that as "this program is going to destroy your computer". (I guess that's why the best publicly availible security system isn't at all popular.)
So I think that registry key is just what I was looking for.
Thanks for the replies.