madshi wrote:Well, you can kind of work around it. Your dll can during initialization check whether you're running inside of ZoneAlarm. If you do, just let DllEntryPoint fail (in Delphi by setting ExitCode to something <> 0). Then your dll will be unloaded again at once.
Since my hook dll is injected system wide, but is only required by a few known processes, this seems like a great way to inject only into the required processes. I call ProcessIdToFilename then filter against a file-mapped list of programs I want to inject in to.
However, I keep getting access violations when the library unloads from a failed DllEntryPoint call.
In order to debug this problem, I wrote a simple (non-hook) dll that creates an simple object in DLL_PROCESS_ATTACH and frees it in DLL_PROCESS_DETACH. I can then load and unload this library with no errors, as you would expect.
However, if I set the ExitCode to <> 0 in DLL_PROCESS_ATTACH (to mimic my filtering in the hook dll), I get '... raised too many consecutive exceptions...' and a 216 runtime error. Incidentally, if I do not create the object in DLL_PROCESS_ATTACH, I do not get an access violation.
I realize that this is not a madcodeHook problem (perhaps I should be asking this on EE), but I feel that it would be useful if my program only injects into the processes it needs to.