BlueOrange

Create a Delphi Dll and load it with DllMain


Hi, friends

 

I'm having a little problem. I'm trying to create a Delphi DLL with a form in RAD Studio, but I don't know how to make it load with DllMain. I want to inject this DLL into a third-party process at runtime afterwards.

I created the DLL project with the form without problems, but I can't find anything good related to "how to load it with DllMain", or at least the tutorials/things I found didn't help me (or I'm just dumb).

Can someone help me? Give me some hints, or a site/video where I can learn it?

 

Thanks for your time guys! =)


Can you describe what injection technique you plan to use, and what you have achieved so far? Also, don't try to work on this with the production DLL. Work with a simple do-nothing DLL so that you can test one thing at a time.


Hi, David 😄

 

Basically:

- I have a process X running on my system (a third-party process);

- While process X is running, I want to inject my Delphi DLL with a simple main window containing, for example, a checkbox;

- How do I want to inject it? Using, for example, LoadLibraryA.

 

From what I remember, when I made my Delphi DLL with a simple form, it compiled fine, but when I tried to inject it with a DLL injector (Xenos Injector in this case), nothing happened (a little obvious, but I'm having problems fixing it anyway xD).

1 hour ago, BlueOrange said:

Give me some hint

I just ran the compiled demo for InjectAPI and it still worked on a freshly installed Windoze 20H2.

But you can't have a DLL with forms, only the Kernel32 and User32 API. This means you will need to hack some communication with an app.
But let me warn you, I was surprised that it worked, especially since the binaries were not signed.

This is oodles more restrictive today than it was 20 years ago 🙂

 

 

Quote

 

Inject API

Injects the DLL into a process using its PID, where a DDetours call essentially redirects an API.
This method could use a hook process specific to a single process to lessen the load on the system.
Easiest way to test:

  • Run two instances (same bitness)
  • Copy the PID from the first to the second instance
  • Attach to the first from the second instance
  • Try to terminate the first instance

 

Hope that helps.

 

4 hours ago, BlueOrange said:

I'm having a little problem. I'm trying to create a Delphi DLL with a form in RAD Studio, but I don't know how to make it load with DllMain.

You already asked this on StackOverflow, and were basically told DON'T DO THIS, IT IS NOT SAFE!

https://stackoverflow.com/questions/66233151/

Edited by Remy Lebeau


It's still not clear. Are you wanting to use the CreateRemoteThread technique, where you allocate memory in the victim process that contains the name of your DLL, and then your thread procedure calls LoadLibrary?
