Injecting an unmanaged dll into an unmanaged target....

May 4, 2012 at 6:59 AM

...is it possible w/easyhook - from the MANAGED interface?  So far, I've run into assembly/manifest-related errors.

Coordinator
May 4, 2012 at 11:41 AM

I think you have to do something like the following:

1) create a native DLL that exports:

     "HookCompleteInjection" (in case of 64-bit) and
     "_HookCompleteInjection@4" (in case of 32-bit).

The expected entry point signature is REMOTE_ENTRY_POINT (see easyhook.h and RemoteHook\thread.c)

2) make a call like this from your host C# process:

     NativeAPI.RhInjectLibrary(process.Id, 0, 0, "TestDLL.dll", "TestDLL.dll", IntPtr.Zero, 0);

Note: EasyHook is not designed to inject any old DLL; it is designed to inject DLLs made specifically for use with EasyHook (i.e. one that has the HookCompleteInjection export).

Cheers,
Justin

May 5, 2012 at 10:43 PM

I'm following you on this, but I don't understand the purpose of the "@4" in the entrypoint name.  What is it, and how do I implement it?

May 5, 2012 at 10:49 PM

Just found the answer to my own question:

"A decorated name is a string created by the compiler during compilation of the function definition or prototype. "@4" in the name means it has total parameter length of 4 bytes (a 32-bit integer?).

You can use dumpbin.exe to get the decorated names from your .dll"
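
Added example, not part of the original thread and not EasyHook code: the MSVC x86 C name-decoration rules behind the "@4" suffix, used to check a list of export names (for instance copied from `dumpbin /exports`) for the entry point named above. It goes slightly beyond the thread by also covering `__cdecl` and `__fastcall`. It assumes the entry point takes a single pointer argument, as the "@4" implies. The function names and the export lists are constructed for illustration.

```python
import re

# MSVC x86 decoration for C-linkage functions; x64 builds emit plain names.
STDCALL = re.compile(r"^_(\w+)@(\d+)$")    # _name@bytes
FASTCALL = re.compile(r"^@(\w+)@(\d+)$")   # @name@bytes

def decorate(name, convention, param_sizes, bits):
    """Export name MSVC emits for a C function with these parameter sizes."""
    if bits == 64:
        return name                      # calling-convention keywords are ignored
    # On x86 every argument occupies a multiple of 4 bytes on the stack.
    total = sum((size + 3) // 4 * 4 for size in param_sizes)
    if convention == "stdcall":
        return f"_{name}@{total}"
    if convention == "fastcall":
        return f"@{name}@{total}"
    if convention == "cdecl":
        return f"_{name}"
    raise ValueError(f"unsupported convention: {convention}")

def undecorate(export):
    """Split an export into (base_name, convention, param_bytes)."""
    for convention, pattern in (("stdcall", STDCALL), ("fastcall", FASTCALL)):
        match = pattern.match(export)
        if match:
            return match.group(1), convention, int(match.group(2))
    return export, None, None            # plain name: x64, cdecl or .def alias

def check_entry_point(exports, bits, base="HookCompleteInjection"):
    """Return (found, near_misses) for the entry point named in the thread."""
    # Assumption: the entry point takes one pointer argument (4 bytes on x86),
    # which is what the "@4" suffix quoted in the thread implies.
    expected = decorate(base, "stdcall", [4], bits)
    near = [e for e in exports
            if e != expected and undecorate(e)[0].lstrip("_") == base]
    return expected in exports, near

# Constructed export lists, as they might be copied from `dumpbin /exports`.
GOOD_X86 = ["_HookCompleteInjection@4"]
BAD_X86 = ["HookCompleteInjection"]      # undecorated name in a 32-bit DLL

if __name__ == "__main__":
    for exports in (GOOD_X86, BAD_X86):
        print(exports, check_entry_point(exports, 32))
```

A near miss means the function is exported under a different decoration than the one expected for that bitness, which is the mismatch to look for when the entry point cannot be found.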