Anti dll-injection mechanism in ramdiskws.exe

Started by gvalkov

gvalkov

Anti dll-injection mechanism in ramdiskws.exe   22 December 2014, 06:37

I am developing an application that uses SetWindowsHookEx() to monitor events in other applications. There seems to be some kind of protection that is preventing me from injecting into your application. I respect your will to keep third-party DLLs from injecting into your code. So if I detect I'm running inside ramdiskws.exe, I TRY to return FALSE from DllMain() to prevent loading my DLL. The problem is that my code gets killed in the middle by your protection, then Windows attempts to re-inject it. This repeats hundreds of times every second, leaking memory, as you don't even give my DLL any chance to clean up.
Andrew

Re: Anti dll-injection mechanism in ramdiskws.exe   22 December 2014, 15:45

Since version 3.3 we do not use any software protection mechanisms, as in that version the application was made freeware and thus became a regular PE binary produced by Delphi. I am afraid I don't know what causes your issues.
gvalkov

Re: Anti dll-injection mechanism in ramdiskws.exe   23 December 2014, 04:16

Hi Andrew!
Thank you very much for your quick reply!

I thought there was some sort of protection, because out of many programs that I tested for compatibility, ramdiskws.exe was the only one that showed issues when my code gets injected. After your reply I analysed my entire code base and found the reason: division by zero inside a constructor for a global object. For some reason the rest of the programs continue to function and ignore this error. What's odd, the debugger (Visual Studio 2010) doesn't catch the exception. The result was never used. ramdiskws.exe aborts the rest of the DLL code, so I can't get to DllMain() to attach or the destructors to clean up.

After resolving my own mistake, I can inject my code into ramdiskws.exe. BTW I'm working on a tool that snaps windows to screen edges or other windows and I hope to release it soon as open source. Thank you for your help! All resolved now.

I wish you a Merry Christmas and Happy Holiday!

George
