So I want to make my dll only be injectable by my injector and I figured that a good way to do that is by only letting my dll be able to open when the injector is running. But I have no Idea how to do that.
Asked
Active
Viewed 142 times
-2
-
1you can enumerate running process from system and check that if certain process is running then inject your dll. – Mayur Jan 21 '19 at 07:04
-
Can I do that in the dll because I want to check in the dll if the injector is running and if yes then be able to inject – Jayne Frack Jan 21 '19 at 07:07
-
yes, offourse it's possible in dll – Mayur Jan 21 '19 at 07:12
-
No, this is not a good way to do this. There is no good way to do this. You cannot reliably tell if "your" injector and "your" dll are really yours, so the question is not properly stated to begin with. – n. m. could be an AI Jan 21 '19 at 10:04
1 Answers
0
As Mayur mentioned in comments, your DLL can enumerate running processes using EnumProcesses(), and get their filenames looking for a match to your injector. You can do that in your DLL's entry point function during the DLL_PROCESS_ATTACH stage. If the injector is not detected, your entry point can return FALSE to abort the load.
Alternatively, a much simpler way to detect your injector is to have it create a named mutex via CreateMutex() in the global kernel namespace, and then have the DLL entry point try to access that same object via OpenMutex(), and fail to load if the mutex does not exist. See Using Named Objects for more details.
Remy Lebeau
- 555,201
- 31
- 458
- 770