PE-inject 1.0


Functions in injected DLL file

The DLL file, which is injected into host executable should contain at least one of the following functions. These functions are called by different occasions and in different situations. It is up to you to decide, what code do you have to put into them.

void BeforeHandlers(
  STUB_CONFIGURATION *config
);

This function is called right after the initialization of the embedded code. If you are working on an executable packer or a simple executable crypter, this is the right place to put decompression or decryption code. After this function finishes, the import and relocation routines start to make their job (if the corresponding flags in InjectFile() were set). These routines handle all the required stuff to start the executable.

void AfterHandlers(
  STUB_CONFIGURATION *config
);

Right after the relocations and import handling routines finished, PE-inject stub tryes to call this function. Here, you can do additional tasks, for example, redirect some imported functions to new addresses. All routines from PE-inject stub did already run and all changes you commit will be preserved. 
void DllMain(
  HANDLE hModule,
  DWORD dwReason,
  LPVOID lpReserved )
);

If the host executable is a DLL file, the DllMain function will be called with the same parameters as the host DLL's entrypoint will get. This function is called by several occasions like PROCESS_ATTACH, PROCESS_DETACH, etc.