When a DLL is loaded into a program, forced or normal, it has an area that is always called no matter what.

between
dllEntry PROC
dllEntry endp

it is always called

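So if you want to find the current process that calls that DLL, all you have to do is:

.586

.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE             ; Windows.inc expects case-sensitive symbols

INCLUDE \masm32\include\Windows.inc
INCLUDE \masm32\include\Kernel32.inc
INCLUDE \masm32\include\User32.inc
INCLUDELIB \masm32\lib\Kernel32.lib
INCLUDELIB \masm32\lib\User32.lib

.DATA
WindowName db "The Names of the window",0

.DATA?
Finished dword ?                ; set to 1 once the window has been found
BLANK2 dword ?                  ; receives the ID of the process that owns the window
FoundIT dword ?                 ; receives the process handle from OpenProcess

.CODE
; The loader calls the entry point with three arguments (STDCALL),
; so they are declared here to keep the stack balanced on return.
dllEntry PROC hInstance,fdwReason,lpvReserved
cmp Finished,01h                ; already done on an earlier call?
je YepFinished
invoke FindWindowA,NULL,offset WindowName
cmp eax,00h                     ; no window with that title
je YepFinished
mov Finished,01
invoke GetWindowThreadProcessId,eax,offset BLANK2
invoke OpenProcess,PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,0,BLANK2
mov FoundIT,eax
YepFinished:
mov eax,TRUE                    ; returning 0 on attach would make the load fail
ret
dllEntry endp
END dllEntry

FoundIT has what you need.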

I'm posting this for people who want to know this, because no one would help me with it, so I figure others did too.

This is helpful if you use a hooked DLL and you want to process something once the DLL is loaded into the program's memory.
Posted on 2002-12-15 13:23:34 by devilsclaw
Uhmm ...... Not to bother you, but ....


so if you want to find the current process that calls that dll all you have to do is.


It won't find the current process, but just the process with the window named "The Names of the window" ..... or am I mistaken?

Far as I can see, you have to give it a name of some window, for it to work. Or will FindWindow return a handle to the topmost window of the current process? Seems unlikely to me.

Fake
Posted on 2002-12-15 15:19:52 by Fake51
Well, true, but it does do what I said also, just a different way of doing it. I'm sure if you don't know the name of the window you will need to try a different approach.
Posted on 2002-12-15 16:00:12 by devilsclaw
Hi,

Since your DLL is run as the process that calls it, all you need to do is:



invoke GetCurrentProcessId
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,eax


But since you're run as the current process, you don't need to use WriteProcessMemory, CreateRemoteThread, etc.; you can just do it.

-stormix
Posted on 2002-12-15 17:09:54 by stormix
Well, I found a new way to get the process info that is faster, and you don't need the window's name.

This will get the ID of the current process that your DLL is in.
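dllEntry        PROC    hInstance,fdwReason,lpvReserved

.IF fdwReason==DLL_PROCESS_ATTACH
        call addon_02                   ; poster's own routine, not shown in the thread
        invoke GetCurrentProcessId      ; takes no arguments; returns this process's ID in eax
        invoke OpenProcess,PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,0,eax
        mov ReturnValue,eax             ; process handle; ReturnValue is declared elsewhere
.ELSEIF fdwReason==DLL_PROCESS_DETACH
.ENDIF
mov eax,1                               ; TRUE: tell the loader that initialisation succeeded
ret
dllEntry ENDP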
Posted on 2003-01-02 03:54:34 by devilsclaw
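
Added example, not code from any poster in this thread: a complete MASM32 DLL source that puts the replies above together (work done only on process attach, GetCurrentProcessId instead of a window name) and releases the handle on detach. The names hostPid, hostHandle and hostPath are hypothetical, and requesting only query/read access is an assumption about what the DLL needs.

```masm
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE

INCLUDE \masm32\include\Windows.inc
INCLUDE \masm32\include\Kernel32.inc
INCLUDELIB \masm32\lib\Kernel32.lib

.DATA?
hostPid     dd ?                    ; ID of the process this DLL is loaded in
hostHandle  dd ?                    ; real handle to that process, 0 if none
hostPath    db MAX_PATH dup(?)      ; full path of the host executable

.CODE
dllEntry PROC hInstance:DWORD, fdwReason:DWORD, lpvReserved:DWORD
    .IF fdwReason == DLL_PROCESS_ATTACH
        ; Nothing is done per thread, so turn off the
        ; DLL_THREAD_ATTACH / DLL_THREAD_DETACH notifications.
        invoke DisableThreadLibraryCalls, hInstance

        ; The DLL runs inside its host, so the host's ID is simply
        ; the current process ID. No window title is involved.
        invoke GetCurrentProcessId
        mov hostPid, eax

        ; A NULL module handle means "the executable of this process",
        ; which tells the DLL which program it was loaded into.
        invoke GetModuleFileNameA, NULL, offset hostPath, MAX_PATH

        ; Code in the DLL can touch the host's memory directly; a real
        ; handle is only needed for APIs that take one. Ask for the
        ; least access that will do.
        invoke OpenProcess, PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, FALSE, hostPid
        mov hostHandle, eax         ; 0 if the call failed
    .ELSEIF fdwReason == DLL_PROCESS_DETACH
        ; Release the handle taken on attach so it does not leak.
        .IF hostHandle != 0
            invoke CloseHandle, hostHandle
            mov hostHandle, 0
        .ENDIF
    .ENDIF
    mov eax, TRUE                   ; FALSE on attach would abort the load
    ret
dllEntry ENDP
END dllEntry
```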