In C++, I want to hook more than one DLL to a process. Right now I use CreateProcesswithdll(), which can hook only one API at a time. What can I do to inject multiple DLLs?

I came across this problem because MS Detours requires us to name our custom DLL the same as the original DLL in order to properly detour the API calls. So even though I could have different API calls handled in the same detour DLL I created, I need to have different names to hook calls from different APIs, which means I need different detour DLLs. This also means I need to inject different DLLs. Am I right?

If I am unclear about something I will try to present it more clearly :D

Thanks!

P.S.: Just to make my problem more lucid: I need to inject more than one DLL into the same process. CreateProcesswithdll() creates a new process with its thread in a sleep state. It is woken up after Detours has finished injecting the DLL and setting up the hooks. If I want to inject more than one DLL, I obviously can't repeatedly call CreateProcesswithdll().

So what do I do? Or is my understanding about some aspect of this wrong?

pnuts
ash

3 Answers

Seems like DetourAttach and DetourDetach will do the trick for me. Thanks everyone!

I found this blog useful!

Lorenzo Dematté
ash
  • Good to hear you found a solution! Please be sure to mark your own answer as correct so your question doesn't show up unanswered (you might need to wait a bit before you can do so though) – bdonlan May 27 '11 at 20:26

Calling LoadLibrary() and FreeLibrary() is NOT SAFE from DLLMain(). From TFA:

"The entry-point function should perform only simple initialization or termination tasks. It must not call the LoadLibrary or LoadLibraryEx function (or a function that calls these functions), because this may create dependency loops in the DLL load order. This can result in a DLL being used before the system has executed its initialization code. Similarly, the entry-point function must not call the FreeLibrary function (or a function that calls FreeLibrary) during process termination, because this can result in a DLL being used after the system has executed its termination code."

EDIT: Apologies - this was meant as a comment for Serge's answer above.

Bukes

Obviously you can load any number of DLLs from the first DLL you inject with detours.

EDIT.

When the DLL is loaded, the system runs DllMain of your DLL (with fdwReason==DLL_PROCESS_ATTACH), and then within that function you can do whatever you like, e.g. you can call LoadLibrary to load other DLLs.

ADD: I totally agree with the comments that calling LoadLibrary from DllMain is unsafe. So you can call LoadLibrary (and all the other tricky things) from a thread created in DllMain.

Serge Dundich
  • @Serge Thanks for the reply! I am new to Windows programming and stuff and am not entirely convinced of my understanding of how Detours works. So when you mention the first DLL injected by Detours, do you mean the DLL that I inject first, or does Detours inject something before the custom DLL that I inject? If it does not inject anything, then do you mean to say that I can load more DLLs from my custom DLL? If that is so, will Detours properly detour calls to that DLL? Sorry for being wordy. Just making sure that I am getting what you are suggesting. – ash May 26 '11 at 19:10
  • @ash: I mean the DLL that you inject with Detours. When the DLL is loaded, the system runs [DllMain](http://msdn.microsoft.com/en-us/library/ms682583%28v=vs.85%29.aspx) of your DLL (with `fdwReason==DLL_PROCESS_ATTACH`) and you can do whatever you like, e.g. you can call [LoadLibrary](http://msdn.microsoft.com/en-us/library/ms684175%28v=vs.85%29.aspx) to load other DLLs. – Serge Dundich May 26 '11 at 19:25
  • @Serge Thanks again! Ya, I understand the DLL main mechanics. But are you suggesting that I inject my new DLL inside the DllMain of the already injected DLL? I want to inject multiple different DLLs! – ash May 26 '11 at 19:32
  • @Serge If I simply load the DLL, I don't think Detours will be able to hook up that DLL's specific APIs... right? – ash May 26 '11 at 19:34
  • You shouldn't do "whatever you like" in DllMain, lest you end up tangling with the loader lock. – Aaron Klotz May 26 '11 at 21:58
  • @Aaron: OK. Whatever you can't do in DllMain you can do from a thread or work item created from DllMain. – Serge Dundich May 27 '11 at 04:44