Is DLL Injection impossible in Windows' services.exe process?

c++ / delphi package - dll injection and api hooking
Post Reply
psy2391
Posts: 8
Joined: Thu Feb 11, 2016 3:16 am

Is DLL Injection impossible in Windows' services.exe process?

Post by psy2391 »

When injecting DLL into services.exe on Windows, InjectLibrary returns that the injection was successful, but the actual DLL is not loaded by services.exe.
Please refer to the following code when using InjectLibrary

InjectLibraryW(L"TestDll", L"C:\\Test\\test.dll", ALL_SESSIONS, INJECT_SYSTEM_PROCESSES | INJECT_METRO_APPS, L"services.exe")
iconic
Site Admin
Posts: 1081
Joined: Wed Jun 08, 2005 5:08 am

Re: Is DLL Injection impossible in Windows' services.exe process?

Post by iconic »

Services.exe is a "protected process" in Windows starting with Windows 8.1 forward so it can't be injected, at least not in the traditional sense any way :wink: You can see this in tools such as Process Hacker under the general tab once you double-click it. Protected processes have been around since Vista and, as of Windows 8.1, most system processes are now "protected" such as CSRSS.

Services_Protected.png
Services_Protected.png (25.14 KiB) Viewed 295 times

--Iconic
Post Reply