开发者

How can I inject a native dll from C# application using SetWindowHookEx (and is it safer than injecting with CreateRemoteThread)

开发者 https://www.devze.com 2023-04-01 23:48 出处:网络
First of all, I don\'t want to monitor the keyboard or mouse, I only want to load my dll into the other process\'s address space. I\'m currently doing this with external unmanaged dll which does Write

First of all, I don't want to monitor the keyboard or mouse, I only want to load my dll into the other process's address space. I'm currently doing this with external unmanaged dll which does WriteProcessMemory, VirtualAllocEx and then CreateRemoteThread. But 开发者_如何学运维this is usually detected as a virus. Will the SetWindowsHookEx be safer for the antiviruses? And if so, how to use it from C# - what WH_* value should I use?

EDIT: My DLL is unmanaged (written in C)


Your C# code would be analogous to your native code, using PInvoke to call the Virtual* functions.

It is unlikely it wouldn't be detected by an antivirus program, if your native code is.

It sounds like the antivirus is the problem, and not your code.

Although you might be able to mitigate it somewhat, depending on the antivirus vendor they may allow this sort of hooking (for computer based training...) without issue if your app is digitally signed and the cert chains up to a trusted root.

0

精彩评论

暂无评论...
验证码 换一张
取 消