Self Injecting DLL by Aphex

Post date: Aug 20, 2010 1:26:21 AM


Self Injecting DLL by Aphex

A .CPL file is a Control Panel Extension. It is intended

to be a source of dialogs for configuring certain system

aspects. In reality it is an ordinary DLL with a special

export. This export is what the shell uses to interface

the different dialogs within the CPL. If this export is

not found the CPL will be immediately unloaded.

For our purposes we rely on the CPL being unloaded. Any

normal DLL that is renamed to CPL will have it's entry

point called when double clicked. This gives the DLL a

pseudo-executable nature. Allowing it to actually inject

itself into a foreign process.

Greets to Positron for mentioning CPLs to me. :)