I want to inject my dll into every process whenever it is started by user. I found AppCertDLLs does exactly this. I tried this dll and it worked (system did not want to start at first, but in later boots I managed to login, but this time explorer freezed whenever I tried to copy, delete or move file. -I guess it is related to messagebox, since it tries to use gui, windows ( version 21H1 )was problematic- ).
Here is my dll code:
#include <windows.h>
#include <Ole2.h>
#include "detours.h"
#include <iostream>
#pragma comment (lib, "detours.lib")
#define BUFSIZE 1024
static HRESULT(WINAPI* dragAndDropPointer)(LPDATAOBJECT pDataObj,
LPDROPSOURCE pDropSource,
DWORD dwOKEffects,
LPDWORD pdwEffect) = DoDragDrop;
extern "C" __declspec(dllexport)
HRESULT WINAPI dragAndDropHook(LPDATAOBJECT pDataObj,
LPDROPSOURCE pDropSource,
DWORD dwOKEffects,
LPDWORD pdwEffect)
{
TCHAR chBuf[1024];
WCHAR rec[1024];
DWORD read = 0;
FORMATETC formatetc = {};
STGMEDIUM stgMedium;
DWORD size;
BOOL allowClipboardData = TRUE;
DWORD numberOfBytesWrite = 0;
formatetc = { CF_UNICODETEXT,0,DVASPECT_CONTENT,-1,TYMED_HGLOBAL };
HRESULT hres = pDataObj->GetData(&formatetc, &stgMedium);
if (hres == S_OK) {
WCHAR* text = (WCHAR *)GlobalLock(stgMedium.hGlobal);
HANDLE hPipe;
LPTSTR lpvMessage = text;
TCHAR chBuf[BUFSIZE];
BOOL fSuccess;
DWORD cbRead, cbWritten, dwMode;
LPTSTR lpszPipename = TEXT("\\\\.\\pipe\\dll_injection");
while (1)
{
hPipe = CreateFile(
lpszPipename, // pipe name
GENERIC_READ | // read and write access
GENERIC_WRITE,
0, // no sharing
NULL, // default security attributes
OPEN_EXISTING, // opens existing pipe
0, // default attributes
NULL); // no template file
// Break if the pipe handle is valid.
if (hPipe != INVALID_HANDLE_VALUE)
break;
// Exit if an error other than ERROR_PIPE_BUSY occurs.
if (GetLastError() != ERROR_PIPE_BUSY)
{
printf("Could not open pipe");
return 0;
}
// All pipe instances are busy, so wait for 20 seconds.
if (!WaitNamedPipe(lpszPipename, 20000))
{
printf("Could not open pipe");
return 0;
}
}
// The pipe connected; change to message-read mode.
dwMode = PIPE_READMODE_MESSAGE;
fSuccess = SetNamedPipeHandleState(
hPipe, // pipe handle
&dwMode, // new pipe mode
NULL, // don't set maximum bytes
NULL); // don't set maximum time
if (!fSuccess)
{
printf("SetNamedPipeHandleState failed");
return 0;
}
// Send a message to the pipe server.
fSuccess = WriteFile(
hPipe, // pipe handle
lpvMessage, // message
(lstrlen(lpvMessage) + 1) * sizeof(TCHAR), // message length
&cbWritten, // bytes written
NULL); // not overlapped
if (!fSuccess)
{
printf("WriteFile failed");
return 0;
}
do
{
// Read from the pipe.
fSuccess = ReadFile(
hPipe, // pipe handle
chBuf, // buffer to receive reply
BUFSIZE * sizeof(TCHAR), // size of buffer
&cbRead, // number of bytes read
NULL); // not overlapped
if (!fSuccess && GetLastError() != ERROR_MORE_DATA)
break;
} while (!fSuccess); // repeat loop if ERROR_MORE_DATA
CloseHandle(hPipe);
//determined after ReadFile , for now it is always 1.
if (allowClipboardData) {
dragAndDropPointer(pDataObj, pDropSource, dwOKEffects, pdwEffect);
}
else {
dragAndDropPointer(pDataObj, pDropSource, dwOKEffects, DROPEFFECT_NONE);
}
return S_OK;
}
dragAndDropPointer(pDataObj, pDropSource, dwOKEffects, pdwEffect);
return S_OK;
}
extern "C" __declspec(dllexport)
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD dwReason,
LPVOID lpReserved) {
if (dwReason == DLL_PROCESS_ATTACH) {
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)dragAndDropPointer, dragAndDropHook);
DetourTransactionCommit();
}
else if (dwReason == DLL_PROCESS_DETACH) {
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)dragAndDropPointer, dragAndDropHook);
DetourTransactionCommit();
}
else if (dwReason == DLL_THREAD_ATTACH) {
return TRUE;
}
else if (dwReason == DLL_THREAD_DETACH) {
return TRUE;
}
return TRUE;
}
I want to inject my dll into every process whenever it is started by user. I found AppCertDLLs does exactly this. I tried this dll and it worked (system did not want to start at first, but in later boots I managed to login, but this time explorer freezed whenever I tried to copy, delete or move file. -I guess it is related to messagebox, since it tries to use gui, windows ( version 21H1 )was problematic- ). Here is my dll code:
Any help?