c++windowsdll-injectiondllmain

DLLMain() is not being executed after injection


I have written a dll and injector in C++. The dll code is given below:

#include <cstdio>
#include <stdio.h>
#include <windows.h>
#include <string>
#include <fstream>
#include <winsock.h>
using namespace std;
#pragma comment(lib, "wsock32.lib")

extern "C" __declspec(dllexport) void UploadFile()
{
.....
}

INT APIENTRY DLLMain(HMODULE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
    switch(fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        MessageBox(0,"Process Attach","Info",MB_OK);
        UploadFile();
        break;
    case DLL_THREAD_ATTACH:
        MessageBox(0,"Thread Attach","Info",MB_OK);
        UploadFile();
        break;
    case DLL_PROCESS_DETACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    default:
        break;
    }
    return TRUE;
}

The dll uploads a particular file to the server. I am successfully able to inject the dll into "notepad.exe" using LoadLibrary() and CreateRemoteThread() but it is not being executed. Not even the dllmain() function. Dont know what is wrong.


Solution

  • As Dirk has already stated, the DLL entry point is named DllMain(), not DLLMain(). The signature for DllMain() is:

    BOOL WINAPI DllMain(
        HINSTANCE hinstDLL,
        DWORD fdwReason,
        LPVOID lpvReserved
    );
    

    From Best Practices for Creating DLLs , you should never perform the following tasks from within DllMain():

    ...Call functions in User32.dll or Gdi32.dll. Some functions load another DLL, which may not be initialized...

    MessageBox() is implemented in User32.dll so this may be a possible cause of DllMain() appearing to not be invoked.

    It is unwise to perform any time consuming tasks with DllMain() as it will prevent the application loading any other DLLs that is requires, as the loader lock is held when inside DllMain(). Instead, spawn a thread to perform any time consuming task. The linked document advises against using CreateThread() but only if synchronization is involved.