Today I am going to show you yet another debugging mechanism that allows to load a couple of phantom DLLs.<\/p>\n
This time the culprit is DirectX.<\/p>\n
The DirectX is pretty much a standard for programming anything that is multimedia-related on Windows. Since this includes games, animations, demos, as well as video players, picture viewers, etc. the phantom DLLs (they are debug DLLs in this case) can be easily made persistent because they will be loaded anytime one of such DirectX-aware applications starts.<\/p>\n
Dropping one (or both) of these DLLs:<\/p>\n
in one of the directories covered by the PATH variable and adding the following Registry Entry<\/p>\n
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Direct3D]\r\n@=\"\"\r\n\"LoadDebugRuntime\"=dword:00000001\r\n\r\n<\/pre>\nwill ensure that these DLLs will be loaded anytime a Direct\u00a0X (its component called Direct 3D)\u00a0is being used by some application. They are loaded by respective Direct X versions (8 or 9).<\/p>\n
To test on XP (DirectX version 8 still is being used by dxdiag):<\/p>\n
To test on Win 7 (DirectX version 8 doesn’t seem to be used by dxdiag, but DLLs are present and applications loading Direct X 8 libraries will _still_ load the DLLs):<\/p>\n
In other words, it should work on all OSes that have the Direct X 8 or 9 installed.<\/p>\n
You may be wondering if the same trick works for newer versions of DirectX.<\/p>\n
It does.<\/p>\n
The naming convention stays the same (e.g. d3d10d.dll, d3d11d.dll), but the major change is that:<\/p>\n
HKEY_CURRENT_USER\\Software\\<\/pre>\nMicrosoft\\Direct3D\\dxdiag\\<\/pre>\nD3D10LoadDebugRuntime=1<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
Today I am going to show you yet another debugging mechanism that allows to load a couple of phantom DLLs. This time the culprit is DirectX. The DirectX is pretty much a standard for programming anything that is multimedia-related on … Continue reading