The target app could be injected multiple times with same dll.
This will lead the same function be hooked multiple times.
Do you know if there is a way to detect if the target app is already injected? or is there a way to avoid multiple injection?
Asked
Active
Viewed 766 times
1 Answers
0
You could check if the DLL is already loaded in the target application before proceeding with the injection:
In .NET you can use the Process.Modules property to iterate over the loaded DLLs in a process.
For native C/C++ you can use the Windows Process Status API method EnumProcessModules to achieve the same result. An example of iterating the modules for processes can be found here.
Alternatively you could use a named system mutex within your DLL that is being injected to ensure that your hook creation logic is not applied multiple times. See the Mutex class for .NET, or CreateMutex for native. This would be more complicated approach, and require you to cleanup the mutex when the hooks are removed.
Justin Stenning
- 1,837
- 1
- 15
- 19