I was particularly fascinated by the ease with which it can be done.
Just a few simple steps:
a) OpenProcess to get the target process handle
b) VirtualAllocEx to get memory in the target process
c) WriteProcessMemory to write the name of the DLL to be injected into the target process's image
d) CreateRemoteThread to create a remote thread in the target process
e) LoadLibrary to load the DLL in the target process
f) cleanups (don't forget them)
But I was wondering: in a hook, if you inject into the target process a DLL which has function names in common with functions already existing in the target DLL, what will happen? For e.g., my target process has functions like getenv and I inject another DLL containing a getenv definition into that target process; what will happen? When a call to getenv is made, which definition will be called? The one that is present in the target process, or the one that is present in the injected DLL?
My question might look naive, but I am naive in Windows.
Will check out more on hooks.
It is somewhat similar to the probes provided by AIX or dtrace provided by Solaris (though probes are a much more sophisticated and powerful mechanism). But there is a restriction on probes: we can't have a probe on any function we want; the kernel must have provided a point for that. Although the kernel has provided thousands of probe points already, so it's very likely that you will ever encounter this restriction.