34

I'm trying to do exactly what LD_PRELOAD does, i.e. preload a shared library or DLL files on Windows to a given program to override certain functions.

Is there a LD_PRELOAD equivalent for Windows?

I don't have any specific functionalities in mind. I just know that this is possible on Linux, and I'm curious about how overloading a native DLL can be done on Windows.

random
  • 9,774
  • 10
  • 66
  • 83
dm76
  • 4,130
  • 8
  • 35
  • 46
  • 1
    What are you trying to accomplish? There is no direct equivalent – Michael Donohue Jul 24 '09 at 15:03
  • 1
    What functionality do you want to overload? – Michael Donohue Jul 24 '09 at 17:39
  • 1
    Also, is this for a .net managed assembly or for a native dll? – Michael Donohue Jul 24 '09 at 17:39
  • 2
    This is not possible, because the loading and symbol resolution are handled in a completely different way in GNU linker and PE loader. The closest you will get is to write what is sometimes called a "loader" in cracker circles, which implements either the debugger loop and thus can override some stuff when new modules/DLLs get loaded, or simply start the process with main thread suspended, then manipulate the import table or similar (in memory obviously) and then resume the main thread to enforce the modified behavior. – 0xC0000022L Mar 03 '11 at 18:24

1 Answers1

18

AppInit_DLLs.

http://support.microsoft.com/kb/197571

But see also:

AppInit_DLLs should be renamed Deadlock_Or_Crash_Randomly_DLLs

https://devblogs.microsoft.com/oldnewthing/20071213-00/?p=24183

You may also want to look into "DLL Injection". Four approaches (including AppInint_DLLs) are described here:

http://en.wikipedia.org/wiki/DLL_Injection

RavuAlHemio
  • 2,331
  • 19
  • 22
Ben
  • 34,935
  • 6
  • 74
  • 113
  • 1
    Your first link seems to be dead, but here is an archive: https://web.archive.org/web/20190910063245/https://support.microsoft.com/en-us/help/197571/working-with-the-appinit-dlls-registry-value – qbt937 Mar 21 '20 at 19:37