softwarehowto.com
 
System safety monitor: Library (DLL) rules setup global windows hook with library (DLL)
 

Library (DLL) Rules

Library (DLL) rules are displayed on the "Rules"->"Libraries" tab.

Library rules


Overview

Library rules are applied when an application is about to set up a global Windows hook (inject) with a library (DLL). When a program tries to inject a library for which no rule exists, SSM pops up the "DLL Injection" Application Activity dialog and prompts the user to create a permanent or temporary (one-time) rule. On an attempt to inject an updated or modified library for which an enabling rule exists, SSM asks the user's permission to recalculate the rule checksum.

Advanced properties

Configure library rules

In this window the user defines which groups and applications can inject the given library.

Advanced properties for Library Rules

Actions for particular group or application in the list:

  • "Prevent injection" - the group/application is not allowed to inject this library (by means of a global Windows hook);
  • "Allow injection" - the group/application is allowed to inject this library (by means of a global Windows hook);
  • "Default" (Prevent injection, Allow injection or Ask user, accordingly):
    • for a group: the action that is set in the group's Advanced Properties for libraries;
    • for a non-group: the action inherited from the group.

Action checkbox coloring: If a particular group/application in the list uses the default action, the action's checkbox is grey.

Reset settings: The list's context menu has a special command to set all actions to default: "Reset everything to default". Groups get the default action (see about defaults in "Advanced Properties"), non-groups inherit the group's action.

Finding a group/application in the list: To quickly find a particular group/application, press [Ctrl]+[F] or select the "Find..." item in the context menu, then enter the full or partial name or path. The first matching record is highlighted. To go to the next record, press [ENTER]. The arrows navigate up and down to the next record matching the input text. The "Select all" button highlights all matching records. To close the "Find" panel, click the "Close" button or press [Esc].

Special permissions

Logging tab

Library objects logging options

  • Enable logging: if set, SSM uses the settings from the "Logging" section in the "Options" tab.

Options tab

Library objects options

  • Protects rule from deletion: when "Remove rules for non-existent files" is executed, this rule by default is unchecked for deletion.
  • Don't verify checksum (NOTE: this option is unchecked and disabled for "Checksum rule" object type rules and it is not available for "Library (folder)" object type rules)
    Do not perform the library checksum (MD5 or SHA256) check when the library is being "injected" (via a windows hook installation).
  • Include subfolders (NOTE: only for "Library (folder)" object type rules). Specifies whether settings are applied to libraries in the subfolders.
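
The decision flow described in the Overview, the "Default" inheritance under Advanced properties, and the "Don't verify checksum" option can be modelled as follows. This is an added example, not SSM's code; the rule structure, function names, outcome strings, the ASK fallback and the sample data are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

ALLOW, PREVENT, ASK, DEFAULT = "allow", "prevent", "ask", "default"

@dataclass
class LibraryRule:  # hypothetical model of one library rule, not SSM's format
    checksum: str                 # hex digest stored when the rule was created
    algorithm: str = "sha256"     # the page names MD5 or SHA256
    verify_checksum: bool = True  # False models "Don't verify checksum"
    actions: dict = field(default_factory=dict)  # group or application -> action

def digest(data: bytes, algorithm: str) -> str:
    return hashlib.new(algorithm, data).hexdigest()

def resolve_action(rule, app, group, group_defaults):
    """Walk the 'Default' chain: application -> group -> group's own setting."""
    action = rule.actions.get(app, DEFAULT)
    if action == DEFAULT:            # non-group entry inherits from its group
        action = rule.actions.get(group, DEFAULT)
    if action == DEFAULT:            # group falls back to its Advanced Properties
        action = group_defaults.get(group, ASK)  # ASK fallback is an assumption
    return action

def decide(rules, group_defaults, dll_path, dll_bytes, app, group):
    """Return the outcome for one attempt to install a global hook with a DLL."""
    rule = rules.get(dll_path.lower())  # assumption: case-insensitive path match
    if rule is None:
        return "ask_create_rule"        # no rule: "DLL Injection" dialog
    action = resolve_action(rule, app, group, group_defaults)
    if action == ALLOW and rule.verify_checksum:
        if digest(dll_bytes, rule.algorithm) != rule.checksum:
            return "ask_recalculate_checksum"  # modified library, enabling rule
    return action

# Constructed sample data: file contents are stand-in byte strings.
ORIGINAL, MODIFIED = b"hook library v1", b"hook library v2"
GROUP_DEFAULTS = {"Trusted": ALLOW, "Restricted": PREVENT}
RULES = {r"c:\tools\hook.dll": LibraryRule(
    checksum=digest(ORIGINAL, "sha256"),
    actions={"Restricted": DEFAULT, r"c:\apps\player.exe": PREVENT})}

if __name__ == "__main__":
    for app, group, data in [(r"c:\apps\editor.exe", "Trusted", ORIGINAL),
                             (r"c:\apps\editor.exe", "Trusted", MODIFIED),
                             (r"c:\apps\player.exe", "Trusted", MODIFIED)]:
        print(app, "->", decide(RULES, GROUP_DEFAULTS, r"C:\Tools\Hook.dll", data, app, group))
```

In this model the checksum is only compared when the resolved action is "allow", matching the page's statement that the recalculation prompt appears for a modified library with an enabling rule.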