Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Prevent Dll injection from an Dll C++

Tags:

c++

dll

hook

code-injection

I have some doubts about anti dll injection in C++. I have a game C++ based, Im having problems with hackers with dll injection. Then i need to prevent it.

I find notify hook there from there:

MSDN - Notification Hooks

But i dont have idea how to use it.

Its is possible notify hook to prevent dll injection?

How its possible? (With and example better).

Can be from dll? (With example better).

Thanks for read that post.

PS: sorry for my english.

like image 432
Marcos Avatar asked Feb 26 '12 03:02

Marcos

People also ask

How do you fix DLL injections?

Reinstalling the program may fix this problem. inject. dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vender for support.

Is DLL injection a vulnerability?

Details: Dell Digital Delivery versions prior to 3.5. 1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

What are the ways hackers will use a DLL?

DLLs are executed in the memory of the calling process, with the same access permissions. This means that there is no protection for the calling EXE if the DLL contains any anomalies. Malicious attackers may exploit this fact by using methods such as DLL Hijacking or DLL Proxying to execute their malicious code.

Is DLL injection detectable?

There are many methods to detect injected DLLs and even more to avoid getting detected. In the simple case you can iterate over all the modules in the process and look for anything that shouldn't be there. Sometimes you might want to hook LoadLibrary in case the injected DLL removes itself from the module list.

1 Answers

Forget it, unless you do very sophisticated things, it's not going to work. By sophisticated I mean something like the code obfuscation, anti-debugging technology used in Skype. Just look at this talk.

You can spend a ton of time on trying to prevent DLL injection, in the end somebody will spend less time than you and circumvent your protection. I think the time would be better invested in an architecture that's more secure and tamperproof (ie calculating scores on the server, etc).

It's a cat and mouse game you can't win.

like image 126
jupp0r Avatar answered Sep 28 '22 00:09

jupp0r
Sign in to Comment

Related questions

read/write lock implementation using mutex only?
new then throw in C++ constructor?
Boost::Spirit compilation error
How do I set up an OpenGL project using XCode 4.2 in C++?
Thread-safety with C++ and passing by reference
Copy Constructor is not invoked [duplicate]
How do I initialize boost::any with a reference to an object?
Are const class members useful when the assignment operator is overloaded?
extern keyword "missing type specifier"
Output the type of a typedef at compile time in C++ (specifically when an error occurs)
Blend FBO onto default framebuffer
Thread-specific data - why can't I just use a static map with thread IDs?
Template function in non-template class - Division between H and CPP files
gcc4 template bug or more likely id10t error
Why isn't my extern variable initialized yet?
Can I pass a non-type template argument to an overloaded operator?
When do I need a lock-free data structure for reading/writing data across threads in audio apps?
Why does memcpy fail to copy Eigen matrix data, but std::copy succeed?
c++ linker , how to link the iostream file?
How to compute LPWSTR size when using GetDlgItemText() function

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!