Injecting a DLL into a Process Space
There are times when a DLL must be automatically added to a process space to perform a required action, for example, when a debugging tool needs to track some actions.
If neither the source code nor the ability to build the code is available, you are limited in the kinds of debugging you can perform. The kernel can load a DLL into any process space.
To enable this process, add the name of the DLL to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\KERNEL
    "InjectDLL" = REG_MULTI_SZ : "MyDLL1.DLL","MyDLL2.DLL",
The data type is REG_MULTI_SZ, an array of strings, so the value can list more than one DLL. The name of the DLL can contain the full path and file name, or just the file name.
Applications that install DLLs to be injected into a process should append or remove only their specific DLL from the registry.
When a process is created and all implicitly linked DLLs are loaded, the kernel loads each DLL listed in InjectDLL. Failure to load the DLL does not prevent the application from launching. A DLL could fail to load if the DLL returns FALSE in DllMain or if the application is privileged and the DLL being loaded is not. A DLL can check in DllMain which process it is being loaded into by calling GetModuleFileName. The values you need to pass are (NULL, &Filename, nSize).
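An added example, not from the original page: a portable C routine that walks raw InjectDLL REG_MULTI_SZ data and counts entries whose file name is not on an expected list, so unexpected injected DLLs stand out during an audit. The sample data, the allowlist and the function names are constructed for illustration; matching is on the base name only, so a stricter audit would pin the full path.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Lower-case one UTF-16 code unit (ASCII range only). */
static uint16_t lower16(uint16_t c) { return (c >= 'A' && c <= 'Z') ? (uint16_t)(c + 32) : c; }

/* Case-insensitive match of an entry's base name (path prefix skipped) against an ASCII name. */
static int base_equals(const uint16_t *s, size_t n, const char *name) {
    size_t start = 0, i;
    for (i = 0; i < n; i++)
        if (s[i] == '\\' || s[i] == '/') start = i + 1;
    for (i = start; i < n && *name; i++, name++)
        if (lower16(s[i]) != lower16((uint16_t)(unsigned char)*name)) return 0;
    return i == n && *name == '\0';
}

/* Walk raw REG_MULTI_SZ data (NUL-terminated UTF-16 strings, ended by an empty
 * string); return how many entries have a base name not in allow[]. Never reads
 * past `units`, so data missing its terminators is handled. *total = entry count. */
int audit_inject_dll(const uint16_t *data, size_t units,
                     const char *const *allow, size_t n_allow, size_t *total) {
    size_t pos = 0;
    int unexpected = 0;
    *total = 0;
    while (pos < units && data[pos] != 0) {
        size_t len = 0, k;
        int ok = 0;
        while (pos + len < units && data[pos + len] != 0) len++;
        for (k = 0; k < n_allow && !ok; k++)
            ok = base_equals(data + pos, len, allow[k]);
        if (!ok) unexpected++;
        (*total)++;
        pos += len + 1;   /* step over the string and its terminator */
    }
    return unexpected;
}

/* Constructed sample value: "MyDLL1.DLL", "\Windows\other.dll", then the list terminator. */
static const uint16_t SAMPLE[] = {
    'M','y','D','L','L','1','.','D','L','L',0,
    '\\','W','i','n','d','o','w','s','\\','o','t','h','e','r','.','d','l','l',0, 0 };
static const char *const ALLOW[] = { "mydll1.dll" };   /* hypothetical allowlist */

int main(void) {
    size_t total;
    int bad = audit_inject_dll(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], ALLOW, 1, &total);
    printf("%d of %zu InjectDLL entries are not on the allowlist\n", bad, total);
    return bad != 0;
}
```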