can a virus interrupt a dll function calls

 

I have a 32 bits executable that calls functions inside a Dll file. When installed, the dll is copied in the same folder of the executable and the system directory (system32 on 32 bit platform and sysWOW64 on 64 bits platforms). I've sucessfully tested this executable on: a Pc with winXP 32 bits, a Virtual Machine with Win7 32 bits, two PCs with win7 64 bits, a laptop with win8 64 bits.

Then a customer gave me a laptop with Win 7 64 bits. It is infected with a virus (those kind of virus that hide all your folders and files in your memory stick and create shorcuts). On this laptop, my executable is unable to find my dll despite it is copied in the respective folders. My exe shows an error message that says "Unable to find mydll.dll".

Is it possible that the virus is interrupting the calls to the dll and messing up with my executable?

Yes, a virus can hook into ("override") LoadLibrary or GetProcAddress and just return a null value.

Then you'll receive this message.
Or it can put itselfs into the dll-loading process (infection) and cause a failure by an unintended malfunction.
It can remove execution permission
Or it can override the dll's magic bytes, so the system does no longer recognize the dll as dll...
Or it can "override" the file listing API, and always return null...
Or it can also recursively load/call itselfs until a stackoverflow occurs (it can also do this with a time-delay, causing seemingly random crashes) or... or... or...

Generally speaking, it's a bad idea to do any testing whatsoever on a machine you know to be infected with a virus. Certainly one that is obviously mucking with the entire system. You literally cannot trust any single thing being said by the system because it is compromised.

So, really this has nothing to do with whether or not your DLL can be seen, bla bla bla... You should be concentrating on wiping the drive on that machine and starting over.

And while you're at it, don't put that thumb drive into another machine. Put it on a Linux box and format it. (virus can't spread that way.)

链接地址: http://www.djcxy.com/p/27844.html

上一篇: 从修补程序移动的文件列表

下一篇: 病毒可以中断一个dll函数调用