4
votes

I'm creating a little DLL to use in a DLL-injection POC (proof of concept). I'm using the Code::Blocks C++ IDE.

My dll's main (dllmain) looks like this:

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBox(0, "myfirstdll loaded", "SUCCESS STATUS", MB_OK);
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            // attach to process
            // return FALSE to fail DLL load
            break;
        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // successful
}

Now, when I load the DLL (using LoadLibrary) from a client program (hopefully, it loads!), my message box doesn't pop. This is quite frustrating, since I'm doing a POC. I know about security issues that prevail when we do kernel32.dll, etc.-intensive business in DllMain, but then, my problem here is not security; I simply need to pop a message box right from within DllMain.

So, how can I make my message box pop when the DLL is loaded?

2
Please format your code. - Roman Byshko
Check LoadLibrary result, probably DLL wasn't loaded. - Abyx
Thanks for the remark; that was dirty indeed. - dohmatob
@tenfour, please make this an answer. - Simon Richter
Use OutputDebugString() and SysInternals' DebugView utility. - Hans Passant

2 Answers

6
votes

See this question to read about the huge number of limitations in DllMain. It's not just security problems. Anything exported by user32 falls into this category.

In other words, you cannot use MessageBox in DllMain. Use something like OutputDebugString instead, which is in kernel32 and does not display any UI.

2
votes

There's a lot of useful stuff that just cannot be done in DllMain. Read all related articles in Raymond Chen's blog for more info. Can't even delay execution with SetTimer, because that function is in user32.dll, and that library may not be loaded yet.
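
The first answer's suggestion as an added example (not code from the question or from either answer): a DllMain that reports every notification through OutputDebugString, which DebugView or an attached debugger displays, using only kernel32 and the C runtime. The helper names `reason_name` and `format_trace` and the non-Windows stand-in constants are assumptions, added so the formatting logic also compiles off Windows.

```c
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Constructed stand-ins so the helpers compile off Windows (values as in winnt.h). */
typedef unsigned long DWORD;
#define DLL_PROCESS_DETACH 0
#define DLL_PROCESS_ATTACH 1
#define DLL_THREAD_ATTACH  2
#define DLL_THREAD_DETACH  3
#endif

/* Map the fdwReason value passed to DllMain to a readable name. */
const char *reason_name(DWORD reason)
{
    switch (reason) {
    case DLL_PROCESS_ATTACH: return "DLL_PROCESS_ATTACH";
    case DLL_PROCESS_DETACH: return "DLL_PROCESS_DETACH";
    case DLL_THREAD_ATTACH:  return "DLL_THREAD_ATTACH";
    case DLL_THREAD_DETACH:  return "DLL_THREAD_DETACH";
    default:                 return "UNKNOWN";
    }
}

/* Build one trace line; returns snprintf's result (length without the NUL). */
int format_trace(char *buf, size_t n, DWORD reason, DWORD pid, DWORD tid)
{
    return snprintf(buf, n, "myfirstdll: %s pid=%lu tid=%lu\n",
                    reason_name(reason), (unsigned long)pid, (unsigned long)tid);
}

#ifdef _WIN32
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    char line[96];
    (void)hinstDLL; (void)lpvReserved;
    /* No user32 calls here (MessageBox, SetTimer, wsprintf): only kernel32 and the CRT. */
    format_trace(line, sizeof line, fdwReason,
                 GetCurrentProcessId(), GetCurrentThreadId());
    OutputDebugStringA(line);  /* shown by DebugView or an attached debugger */
    return TRUE;               /* returning FALSE on process attach fails the load */
}
#endif
```

The process and thread ids in each line show which process actually loaded the DLL and on which thread the notification ran.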