Does AutoHotkey_H Mitigate DLL Injection ?

[elmo]

Hello,

I recently saw a demo wherein "DLL Injection" occurred with an AutoHotkey_L executable. I do not understand "DLL Injection" or exactly what happens when compiling but "assume" that user32.dll is included in the exe. Does AutoHotkey_H behave the same way ?

Thank you in advance for your time and attention.

[HotKeyIt]

See https://autohotkey.com/board/topic/8530 ... ntry544650

[elmo]

HotKeyIt,

Thank you for the timely response. I followed the link and it "appears" to describe how you can inject autohotkey commands in to other programs. Of course I do not understand the process so I could be reading it wrong.

My interest is to keep other programs from interacting with MY compiled autohotkey scripts. So I am curious whether your AutoHotkey_H distribution reduces, or complicates, or (hopefully) blocks external programs from affecting my programs.

I have never tried AutoHotkey_H but would try it immediately if it makes my compiled exe programs more secure against dll injection.

Again, thank you for you time and attention.

[guest3456]

My interest is to keep other programs from interacting with MY compiled autohotkey scripts. So I am curious whether your AutoHotkey_H distribution reduces, or complicates, or (hopefully) blocks external programs from affecting my programs.

I have never tried AutoHotkey_H but would try it immediately if it makes my compiled exe programs more secure against dll injection.

Dll Injection is a feature of Windows so I don't think any software can prevent it.

[elmo]

guest3456,

Wow, now that is interesting. Then why is it generally treated as a negative feature if any Windows program can be subjected to it?

Are there different kinds; ie. off system versus same OS context?

No need to respond because you have answered the questions, and clearly, I am now just trying to learn more so I can explain it to my team

[elmo]

HotKeyIt,

Apologies for revisiting the original question even after guest3456 provided a general answer.

Do exe programs created with your AutoHotkey_H compiler respond to dll injection differently than programs created with AutoHotkey_L ?

Thanks again from a layperson.

[HotKeyIt]

No, with regards to Dll injection it is the same.
There are still ways to prevent Dll injection but you can't protect it 100%.
AHK_H has some anti-debugging features as well as source code protection, but dll injection is just a windows feature.

[elmo]

HotKeyIt,

Copy that and thank you for your expert input. At least I can say with confidence that my programs have the same characteristics as any other programs. Guess that makes dll injection a feature, and NOT a bug.

As for source code protection, that is also of interest. However, even after reading and re-reading descriptions of how to install and use AutoHotkey_H, it does not entirely make sense.

It "appears" there is a source code method and also a "replace files" method. I am not clear on whether the "file replace" method actually obfuscates the code or if I would HAVE to compile the source to achieve that benefit.

Is there a "best practices" description of the install process here on your forum that you can point me to in the event that I overlooked it?

Again, your time and expertise are greatly appreciated.

[HotKeyIt]

To have proper protection you will need to recompile AutoHotkey.exe with a different password from the source code: https://github.com/HotKeyIt/ahkdll
Password AutoHotkey is hardcoded here: https://github.com/HotKeyIt/ahkdll/blob ... .cpp#L3200
And you need the proper length for the password which is defined in g_default_pwd, search source for this variable!
You will need at least change the password or even better replace it with a function that generates a password dynamically based on index.