What is Code Injection?
Code injection is common on Windows. Applications “inject” pieces of their own code into another running process to change its behavior. This technique can be used for good or evil, but either way it can cause problems.
Code injection is also commonly referred to as DLL injection, because the injected code is usually in the form of a DLL (dynamic link library) file. However, applications can also inject other types of code that are not DLLs into a process.
What Is Code Injection Used For?
Code injection is used to accomplish all kinds of tricks and functionality on Windows. Legitimate programs use it, and so does malicious software. For example:
- Antivirus programs often inject code into web browsers. They can use it to monitor network traffic and block dangerous web content, for example.
- Malicious programs can add code to your web browser to better track your browsing, steal protected information such as passwords and credit card numbers, and change your browser settings.
- Stardock’s WindowBlinds, which themes your desktop, injects code to do so.
- Stardock’s Fences injects code to change the way the Windows desktop works.
- AutoHotkey, which allows you to create scripts and assign system-wide shortcut keys to them, injects code to accomplish this.
- Graphics drivers, such as NVIDIA’s, inject DLLs to accomplish a variety of graphics-related tasks.
- Some programs inject DLLs to add additional menu options to an application.
- PC game cheat tools often inject code into games to change their behavior and gain an unfair advantage over other players.
Is Code Injection Bad?
This technique is used constantly by a wide variety of applications on Windows. It is the only real way to accomplish various tasks. Compared to a modern mobile platform such as Apple’s iOS or Google’s Android, the Windows desktop is very powerful because it offers this kind of flexibility to developers.
Of course, all that power comes with some danger. Code injection can cause problems and errors in applications. Google says that Windows users who have code injected into their Chrome browser are 15% more likely to experience Chrome crashes, so Google is trying to block it. Microsoft indicates that code injection can be used by malicious applications to interfere with browser settings, and it is therefore already blocked in Edge.
Microsoft also provides instructions for checking whether third-party DLLs are loaded in Microsoft Outlook, because they cause a large number of Outlook crashes.
As a Microsoft employee put it on a developer blog in 2004:
“DLL injection is never safe. You are referring to the conversion of a code to a process that has never been designed, created, or tested by the author of the process, and to select or create a thread to run that code. You run the risk of creating pre-existing timing, synchronization, or resource issues or exacerbating problems that are there.”
In other words, code injection is a kind of dirty hack. In an ideal world, there would be a safer way to accomplish this that did not cause potential instability. However, code injection is a normal part of the Windows application platform today. It is constantly happening in the background on your Windows PC. You could call it a necessary evil.
How to Check for Injected DLLs
With Microsoft’s powerful Process Explorer application, you can check for code injection on your system. Basically, it is an enhanced version of the Task Manager that is full of additional features.
If you want to do so, download and run Process Explorer. Click View > Lower Pane View > DLLs or press Ctrl+D.
Select a process in the top pane and look at the lower pane to see the DLLs it has loaded. The “Company Name” column provides a useful way to filter this list.
For example, it is normal to see DLLs made by “Microsoft Corporation”, since they are part of Windows. It is also normal to see DLLs made by the same company as the process in question, which is “Google Inc.” in the case of Chrome in the screenshot below.
We can also find several DLLs made by “AVAST Software” here. This shows that the Avast antimalware software on our system is injecting code like the “Avast Script Block filter library” into Chrome.
If you find code injection on your system, there is not much you can do except uninstall the program that injects the code to avoid problems. For example, if Chrome crashes regularly, you may want to see whether any programs are injecting code into Chrome and uninstall them to prevent them from interfering with Chrome’s processes.
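The same check can be scripted. The following PowerShell function is an added example, not part of the original article: it lists the DLLs loaded in every instance of a named process and reports those whose publisher is neither Microsoft nor the vendor of the process's own executable, mirroring the Company Name filtering described above. The function name `Get-ThirdPartyModule` and the `chrome` target are assumptions chosen for illustration.

```powershell
# Added example (not from the article): report DLLs loaded in a process whose
# publisher is neither Microsoft nor the vendor of the process's own executable.
function Get-ThirdPartyModule {
    param(
        [Parameter(Mandatory)]
        [string] $ProcessName          # process name without ".exe", e.g. chrome
    )

    $seen = @{}                        # report each DLL path once across all instances
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try {
            $ownVendor = $proc.MainModule.FileVersionInfo.CompanyName
            $modules   = $proc.Modules
        } catch {
            # Access denied (protected or elevated process) or the process has exited.
            Write-Warning "Skipping PID $($proc.Id): $($_.Exception.Message)"
            continue
        }

        foreach ($module in $modules) {
            $path = $module.FileName
            if (-not $path -or $seen.ContainsKey($path)) { continue }
            $seen[$path] = $true

            # Publisher string from the file's version resource.
            $company = $null
            try { $company = $module.FileVersionInfo.CompanyName } catch { }

            $expected = ($company -like 'Microsoft*') -or
                        ($company -and $company -eq $ownVendor)
            if ($expected) { continue }

            [pscustomobject]@{
                Process   = $proc.ProcessName
                Company   = if ($company) { $company } else { '(none)' }
                # Company name is self-declared metadata, so also check the signature.
                Signature = (Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue).Status
                Path      = $path
            }
        }
    }
}

Get-ThirdPartyModule -ProcessName chrome |
    Sort-Object Company, Path |
    Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session, because a 32-bit session cannot enumerate the modules of 64-bit processes. Entries with no company name or a signature status other than `Valid` are the ones to look at first.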
How Code Injection Works
Code injection does not change the underlying application on your disk. Instead, it waits for the application to run and adds additional code to the running process to change the way it works.
Windows includes several application programming interfaces (APIs) that can be used for code injection. A process can attach itself to a target process, allocate memory, write a DLL or other code to that memory, and then instruct the target process to execute the code. Windows does not prevent processes on your computer from interfering with each other in this way.
For more technical information, you can review blog posts that explain how developers can inject DLLs and that look at other types of code injection on Windows.
In some cases, someone may change the underlying code on disk instead, for example by replacing a DLL that comes with a PC game with a modified one to enable cheating or piracy. This is not technically “code injection.” The code is not injected into a running process; instead, the program is tricked into loading a different DLL with the same name.