Self Injecting DLL by Aphex

posted 19 Aug 2010, 18:26 by Delphi Basics
  Self Injecting DLL by Aphex

  A .CPL file is a Control Panel Extension. It is intended
  to be a source of dialogs for configuring certain system
  aspects. In reality it is an ordinary DLL with a special
  export. This export is what the shell uses to interface
  the different dialogs within the CPL. If this export is
  not found the CPL will be immediately unloaded.

  For our purposes we rely on the CPL being unloaded. Any
  normal DLL that is renamed to CPL will have it's entry
  point called when double clicked. This gives the DLL a
  pseudo-executable nature. Allowing it to actually inject
  itself into a foreign process.

  Greets to Positron for mentioning CPLs to me. :)
Delphi Basics,
19 Aug 2010, 18:27