Concept Question: Multiple Injection Libraries

[mikecollins]

Hi all,

Been a while since I've been actively developing with madCodeHook and have returned again raring to go (although I’m waiting for a reply from madshi on buying an upgrade ).

I’m working on a proof of concept design and I have a conceptual question regarding injection. I potentially have three produce lines that have three distinct needs for injection. For example, imagine an injection library to prevent process tampering(1), another to control application launch (2) and a third to carry out some network monitoring (3).

Product A needs process tamper protection (1), product B needs tamper protection and application launch control (1 & 2) and product C needs all three (1, 2 & 3).

All three injection libraries could be merged into one library and the various features (or API hooking) toggled on or off based on configuration settings. However, for a multitude of reasons, I would prefer to develop three different injection libraries (size, stability, maintenance, speed of development etc).
So my question is: can multiple libraries be injected from a process by making multiple calls to InjectLibrary()? If so, are there any potential issues?

Many thanks in advance,

Best regards

Mike

[madshi]

Injecting multiple dlls should be no big problem. However, I'd recommend to use only one driver, because every driver takes one "process notification spot", and those are limited resources. You can combine all your hook dlls into one driver, but you'll have to reconfigure and resign the driver everytime one of the hook dlls changes. If driver configuration and signing sounds all new to you, yes, that's all new in madCodeHook 3.x. The documentation will tell you all the ugly details about that.

In terms of size and stability I believe using only one hook dll would not be worse. It might be equal or even better than 3 separate hook dlls. Can't say anything about maintenance and speed of development. In the end it's your call whether you want to use 1 or 3 hook dlls. Functionality wise it shouldn't make much of a difference...