
I'm creating a little DLL to use in a DLL-injection POC (proof-of-concept). I'm using Code::Blocks' C++ IDE.

My DLL's main (DllMain) looks like this:

#include <windows.h>

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    // user32 call made directly from DllMain (the behaviour being asked about)
    MessageBox(0, "myfirstdll loaded", "SUCCESS STATUS", MB_OK);
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            // attach to process
            // return FALSE to fail DLL load
            break;
        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // successful
}

Now, when I load the DLL (using LoadLibrary) from a client program (hopefully, it loads!), my message box doesn't pop. This is quite frustrating, since I'm doing a POC. I know about security issues that prevail when we do kernel32.dll, etc.-intensive business in DllMain, but then, my problem here is not security; I simply need to pop a message box right from within DllMain.

So, how can I make my message box pop when the DLL is loaded?

asked by dohmatob (edited by Lightness Races in Orbit)
2 Answers


See this question to read about the huge number of limitations in DllMain. It's not just security problems. Anything exported by user32 falls into this category.

In other words, you cannot use MessageBox in DllMain. Use something like OutputDebugString instead, which is in kernel32 and does not display any UI.

answered by tenfour (edited by Community)

There's a lot of useful stuff that just cannot be done in DllMain. Read all related articles in Raymond Chen's blog for more info. Can't even delay execution with SetTimer, because that function is in user32.dll, and that library may not be loaded yet.

answered by Dialecticus (edited by GSerg)
  • Thanks. It's such a pity then. I'm looking at the proposed article. – dohmatob Dec 04 '11 at 18:51
  • OK, the article was quite helpful. Now after roaming awhile, I solved my problem by adding the line: BOOL WINAPI DllMain(HINSTANCE, DWORD, LPVOID); to my dll's main header (main.h), thus 'exporting DllMain' \L/. Now I get my POC popup (notwithstanding the security dangers, but then I'm coding an exploit, not some nice app for a beautiful client :)). Thanks a lot. – dohmatob Dec 05 '11 at 13:42