Didier Stevens

Tuesday 26 October 2010

Update: LoadDLLViaAppInit

Filed under: My Software,Update — Didier Stevens @ 9:04

This new version of LoadDLLViaAppInit allows you to load more than one DLL inside a process. You separate the DLL names with a semicolon (;).

For example, to load DLLs hook-createprocess.dll and EnforcePermanentDEP.dll inside process acrord32.exe, you configure this:

acrord32.exe    hook-createprocess.dll;EnforcePermanentDEP.dll
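
An added example, not code from LoadDLLViaAppInit itself: a C routine that reads one entry in the format shown above and returns the DLL names that apply to a given process. Assumptions: the process name and the DLL list are separated by spaces or tabs, process names compare case-insensitively, empty list items are skipped, and the names `dlls_for_process`, `MAX_DLLS` and `MAX_NAME` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_DLLS 8    /* hypothetical limit on DLLs per entry */
#define MAX_NAME 260  /* assumed buffer size per DLL name */

/* Case-insensitive match of the n-character field at a against process name b. */
static int name_matches(const char *a, size_t n, const char *b)
{
    if (strlen(b) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Parse "<process><blanks><dll>[;<dll>...]" (blank-separated fields are an assumption).
   Returns the number of names copied into out, 0 when the entry is for another
   process, -1 when there are too many names or one does not fit in MAX_NAME. */
int dlls_for_process(const char *line, const char *process,
                     char out[][MAX_NAME], int max)
{
    size_t plen = strcspn(line, " \t");
    if (plen == 0 || !name_matches(line, plen, process)) return 0;
    const char *p = line + plen;
    int count = 0;
    while (*p != '\0') {
        size_t len = strcspn(p, ";\r\n");          /* one list item */
        const char *s = p;
        size_t l = len;
        while (l > 0 && (*s == ' ' || *s == '\t')) { s++; l--; }     /* trim left */
        while (l > 0 && (s[l - 1] == ' ' || s[l - 1] == '\t')) l--;  /* trim right */
        if (l > 0) {                               /* skip empty items such as "a;;b" */
            if (count == max || l >= MAX_NAME) return -1;
            memcpy(out[count], s, l);
            out[count++][l] = '\0';
        }
        p += len;
        if (*p != '\0') p++;                       /* step over ';' or line ending */
    }
    return count;
}

int main(void)
{
    char dlls[MAX_DLLS][MAX_NAME];  /* entry below is from the post; process name is a sample */
    int n = dlls_for_process("acrord32.exe    hook-createprocess.dll;EnforcePermanentDEP.dll",
                             "AcroRd32.exe", dlls, MAX_DLLS);
    for (int i = 0; i < n; i++) printf("%s\n", dlls[i]);
    return n == 2 ? 0 : 1;
}
```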

Download:

LoadDLLViaAppInit_V0_0_0_2.zip (https)

MD5: F458DAEAB1A3E68870EE0608E2A1FFFC

SHA256: 9C8BA52A68893F33E0019CC64264C24A7EEC09C5D0DAE6F43C110ACFD45E621F

5 Comments »

  1. works under win7?

    Comment by s0meb0dy — Friday 29 October 2010 @ 17:27

  2. Yes, but you need to set an extra flag (see original blog post) and this is a 32-bit dll.

    Comment by Didier Stevens — Saturday 30 October 2010 @ 8:16

  3. [...] Update: LoadDLLViaAppInit – didierstevens.com This new version of LoadDLLViaAppInit allows you to load more than one DLL inside a process. You separate the DLL names with a semi-colon (;). [...]

    Pingback by Week 43 in Review – 2010 | Infosec Events — Monday 1 November 2010 @ 10:00

  4. [...] it to the import table of the target process (EnforcePermanentDEP.dll exports function Dummy), use LoadDLLViaAppInit or use your own preferred injection [...]

    Pingback by EnforcePermanentDEP « Didier Stevens — Monday 8 November 2010 @ 0:46

  5. [...] LoadDLLViaAppInit is a tool I released to load DLLs inside selected processes. If you want to use this 32-bit version of LoadDLLViaAppInit on a 64-bit Windows machine, you need to configure AppInit_DLLs in this registry key: [...]

    Pingback by LoadDLLViaAppInit 64-bit « Didier Stevens — Wednesday 19 October 2011 @ 16:47

