Win32 Programming Lesson 21: DLL Magic. Where are we?  We’ve looked at DLLs from a build/link/execute perspective, as well as some more advanced techniques.


1 Win32 Programming Lesson 21: DLL Magic

2 Where are we?  We’ve looked at DLLs from a build/link/execute perspective, as well as some more advanced techniques  Today, start looking at Thread Local Storage and DLL interception >:)

3 Thread Local Storage (TLS)  What does the strtok function do?  How does it work?  What happens in a multithreaded environment?

4 TLS  Provides simple method for storing variables on a per-thread basis  Two types: dynamic and static; we’ll be looking at both.

5 Supporting Structures

6 So…  We call: DWORD TlsAlloc(); Returns TLS_OUT_OF_INDEXES if no storage is available Else, returns an index number which can be used to store a DWORD BOOL TlsSetValue( DWORD dwTlsIndex, PVOID pvTlsValue );

7 Cleaning Up  It’s C++, so there’s not a lot of cleaning up done for us… PVOID TlsGetValue(DWORD dwTlsIndex); BOOL TlsFree(DWORD dwTlsIndex);

8 Using Static TLS  Can also do this: __declspec(thread) DWORD gt_dwStartTime = 0; Creates a.tls section Allocates the necessary storage automatically

9 DLL Injection  So, life can be interesting  Windows provides limited process isolation  But sometimes we want to “hook” into another process  One way to do this is by leveraging DLLs

10 Danger, Will Robinson  Some of these techniques will make global changes to how your computer functions. You need to carefully decide whether to do this on your main machine, or if a VM is a better option. You have been warned!  (That said, I do this all on my own laptop…)

11 The Trick  What are we actually trying to do?

12 Registry  HKEY_LOCAL_MACHINE\Software\Micro soft \Windows NT\CurrentVersion\Window s\AppInit_DLLs  Hmmm. Advantages? Drawbacks?

13 Drawbacks…  You must restart your computer  Only mapped into processes which use User32.dll  You’re in *every* GUI app…  … for it’s entire lifetime

14 Better…  SetWindowsHookEx SetWindowsHookEx E.g: HHOOK hHook = SetWindowsHookEx( WH_GETMESSAGE, GetMsgProc, hinstDll, 0 ); Why hinstDll?

15 Walkthrough  DIPS

