Win32 Programming - PowerPoint PPT Presentation

Title: Win32 Programming

Slides: 16
Provided by: richar134

Transcript and Presenter's Notes

1
Win32 Programming
  • Lesson 21: DLL Magic

2
Where are we?
  • We've looked at DLLs from a build/link/execute
    perspective, as well as some more advanced
    techniques
  • Today, start looking at Thread Local Storage and
    DLL interception

3
Thread Local Storage (TLS)
  • What does the strtok function do?
  • How does it work?
  • What happens in a multithreaded environment?

4
TLS
  • Provides a simple method for storing variables on a
    per-thread basis
  • Two types, dynamic and static; we'll be looking
    at both.

5
Supporting Structures
6
So
  • We call
  • DWORD TlsAlloc()
  • Returns TLS_OUT_OF_INDEXES if no storage is
    available
  • Else, returns an index number; every thread has its
    own slot at that index, holding one pointer-sized
    value (PVOID), initially NULL in each thread
  • BOOL TlsSetValue(DWORD dwTlsIndex, PVOID pvTlsValue)
    stores a value in the calling thread's slot only

7
Cleaning Up
  • It's C, so there's not a lot of cleaning up
    done for us
  • PVOID TlsGetValue(DWORD dwTlsIndex)
    (returns NULL both for an empty slot and on
    failure; call GetLastError to tell the two apart)
  • BOOL TlsFree(DWORD dwTlsIndex)
    (releases the index only; anything the slots point
    to must be freed by each thread itself, typically
    on DLL_THREAD_DETACH)

8
Using Static TLS
  • Can also do this
  • __declspec(thread) DWORD gt_dwStartTime = 0;
  • Creates a .tls section
  • Allocates the necessary storage automatically for
    every thread; no TlsAlloc/TlsFree needed
  • Caveat: before Windows Vista, static TLS in a DLL
    loaded with LoadLibrary (rather than implicitly
    linked) was not set up correctly
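An added example, not code from the deck, tying slides 3 to 8 together: a strtok replacement whose resume pointer lives in a dynamic TLS slot (TlsAlloc/TlsSetValue/TlsGetValue/TlsFree) and a per-thread token counter declared with static TLS (__declspec(thread)). The POSIX branch is my addition so the file also builds on Linux; it uses pthread keys and __thread, which play the same roles. The wrapper names tls_key_create/tls_get/tls_set/tls_key_delete, the functions tls_strtok/run_job/run_demo, and the two sample strings are all mine.

```c
/* tls_strtok.c: a strtok-style tokenizer whose resume pointer lives in a
 * per-thread slot instead of a process-wide static, so two threads can
 * tokenize at the same time without corrupting each other's state.
 * Build: cl tls_strtok.c      or      cc -pthread tls_strtok.c */

#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
typedef DWORD  tls_key_t;
typedef HANDLE thread_t;
#define THREAD_YIELD() SwitchToThread()
#define THREAD_LOCAL   __declspec(thread)   /* static TLS: lands in the .tls section */
/* TlsAlloc hands out a free index; every thread's copy of that slot starts as NULL. */
static int   tls_key_create(tls_key_t *k) { *k = TlsAlloc(); return *k == TLS_OUT_OF_INDEXES ? -1 : 0; }
/* NULL means "never set" but also "error": check GetLastError() when that matters. */
static void *tls_get(tls_key_t k)          { return TlsGetValue(k); }
static int   tls_set(tls_key_t k, void *v) { return TlsSetValue(k, v) ? 0 : -1; }
/* Frees the index only, never whatever the per-thread slots point to. */
static void  tls_key_delete(tls_key_t k)   { TlsFree(k); }
#else
#include <pthread.h>
#include <sched.h>
typedef pthread_key_t tls_key_t;
typedef pthread_t     thread_t;
#define THREAD_YIELD() sched_yield()
#define THREAD_LOCAL   __thread             /* POSIX/GCC equivalent of __declspec(thread) */
static int   tls_key_create(tls_key_t *k) { return pthread_key_create(k, NULL) == 0 ? 0 : -1; }
static void *tls_get(tls_key_t k)          { return pthread_getspecific(k); }
static int   tls_set(tls_key_t k, void *v) { return pthread_setspecific(k, v) == 0 ? 0 : -1; }
static void  tls_key_delete(tls_key_t k)   { pthread_key_delete(k); }
#endif

static tls_key_t g_save_key;               /* one index per process, one value per thread */
static THREAD_LOCAL int g_tokens_seen = 0; /* every thread gets its own zero-initialised copy */

/* Same contract as strtok(): the string on the first call, NULL afterwards.
 * The resume pointer that strtok keeps in a static goes into the TLS slot. */
static char *tls_strtok(char *str, const char *delim)
{
    char *p = str ? str : (char *)tls_get(g_save_key);
    if (p == NULL) return NULL;             /* never started, or already finished */
    p += strspn(p, delim);                  /* skip leading delimiters */
    if (*p == '\0') { tls_set(g_save_key, NULL); return NULL; }
    char *tok = p;
    p += strcspn(p, delim);                 /* end of token */
    if (*p != '\0') *p++ = '\0';            /* terminate it, step past the delimiter */
    tls_set(g_save_key, p);                 /* remember where this thread stopped */
    g_tokens_seen++;
    return tok;
}

struct job { const char *input; char out[128]; int count; };

/* Tokenizes a private copy of the input into "tok1|tok2|...". Yielding after
 * each token interleaves the two threads: exactly what breaks plain strtok. */
static void run_job(struct job *j)
{
    char buf[128];
    strncpy(buf, j->input, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    j->out[0] = '\0';
    for (char *t = tls_strtok(buf, " ,"); t != NULL; t = tls_strtok(NULL, " ,")) {
        strcat(j->out, t);
        strcat(j->out, "|");
        THREAD_YIELD();
    }
    j->count = g_tokens_seen;               /* this thread's copy, not a process-wide total */
}

#ifdef _WIN32
static DWORD WINAPI thread_main(LPVOID arg) { run_job((struct job *)arg); return 0; }
static int  thread_start(thread_t *t, struct job *j) { *t = CreateThread(NULL, 0, thread_main, j, 0, NULL); return *t ? 0 : -1; }
static void thread_join(thread_t t) { WaitForSingleObject(t, INFINITE); CloseHandle(t); }
#else
static void *thread_main(void *arg) { run_job((struct job *)arg); return NULL; }
static int  thread_start(thread_t *t, struct job *j) { return pthread_create(t, NULL, thread_main, j); }
static void thread_join(thread_t t) { pthread_join(t, NULL); }
#endif

/* Runs two tokenizing threads concurrently (constructed sample input). Returns 1
 * when each thread saw only its own tokens and its own count (3 and 4, not 7). */
int run_demo(void)
{
    struct job a = { "alpha beta gamma", "", 0 };
    struct job b = { "one,two,three,four", "", 0 };
    thread_t ta, tb;
    if (tls_key_create(&g_save_key) != 0) return 0;
    if (thread_start(&ta, &a) != 0 || thread_start(&tb, &b) != 0) return 0;
    thread_join(ta);
    thread_join(tb);
    tls_key_delete(g_save_key);
    return strcmp(a.out, "alpha|beta|gamma|") == 0 && a.count == 3
        && strcmp(b.out, "one|two|three|four|") == 0 && b.count == 4;
}

int main(void) { puts(run_demo() ? "per-thread state intact" : "state corrupted"); return 0; }
```

Replace the TLS slot with one `static char *g_save` and the run becomes a coin toss: whichever thread stored its pointer last wins, and the other thread resumes inside the wrong buffer. That is the strtok problem slide 3 asks about. Note also that tls_key_delete only returns the index; if the slot had held a malloc'ed block, each thread would have to free its own copy before exiting.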

9
DLL Injection
  • So, life can be interesting
  • Windows gives each process its own address space,
    but that isolation is limited: there are supported
    ways to get your code loaded into someone else's
    process
  • And sometimes we want to hook into another
    process
  • One way to do this is by leveraging DLLs

10
Danger, Will Robinson
  • Some of these techniques will make global changes
    to how your computer functions. You need to
    carefully decide whether to do this on your main
    machine, or if a VM is a better option. You have
    been warned!
  • (That said, I do this all on my own laptop)

11
The Trick
  • What are we actually trying to do?

12
Registry
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
  • Hmmm. Advantages? Drawbacks?

13
Drawbacks
  • Takes effect only for processes started after the
    value is changed; on Windows Vista and later the
    neighbouring LoadAppInit_DLLs value must also be 1,
    and Windows 8 and later ignore AppInit_DLLs entirely
    when Secure Boot is enabled
  • Only mapped into processes which load User32.dll
  • You're in every GUI app
  • for its entire lifetime

14
Better
  • SetWindowsHookEx
  • E.g. HHOOK hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hinstDll, 0);
  • Why hinstDll?

15
Walkthrough
  • DIPS (Richter's Desktop Item Position Saver sample)