The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.


Win32::Monitoring::DLLInject - Injects code into Win32 programs to overload functions


  use Win32::Monitoring::DLLInject qw(new UnHook StatMailslot GetMessage);

  my $handle = new Win32::Monitoring::DLLInject($process_id, $dll_path);

        my $msg_cnt = $handle->StatMailSlot();

        for (my $i = 0; $i < $msg_cnt; $i++) {
           print $handle->GetMessage(), "\n";



The Win32::Monitoring::DLLInject module provides a mechanism allowing a Perl program to inject (self written) code into a running Windows program or a DLL. This functionality can be used for patching or instrumenting code.

Additionally, a communication channel using a Windows mailslot is set up. This channel can be used for sending information, e.g. status information or time measurements, back to the Perl application that injected the code.

As a bonus, we provide an example for a DLL implementation that allows for adding time measuring to any Win32 application without requiring further modules.

$handle = new($dll_path,$process_id)

Returns an handle to the Win32::Monitoring::DLLInject object which represents the overloaded (hooked) program.


Returns the number of messages in the internal message store (mailslot).


Returns the content of the first message in the message store.


Removes the injected code from the program and restores the original function.


  #! perl

  use Win32::OLE;
  use Win32::Monitoring::DLLInject;
  use Data::Dumper;

  my $WshShell = Win32::OLE->new("WScript.Shell");
  $WshShell->Run("notepad", 5);


  my %processes;

  for my $line (`tasklist /v /nh`) {
     if ( $line ne "" ) {
        my $pid = substr($line, 26, 8);  # extract PID
        $pid =~ s/^ *([0-9]+)$/$1/g;     # remove leading spaces

        my $proc = substr($line, 0, 24); # extract process
        $proc =~ s/\s\s\s*/ /g;          # change multiple spaces to single spaces
        $proc =~ s/\s$//g;               # remove trailing space
        $proc =~ s/ N\/A$//g;            # remove trailing N/A

        $processes{$proc} = $pid;

  my $P = Win32::Monitoring::DLLInject->new($processes{'notepad.exe'},'Y:\\perl\\Win32-Monitoring-DLLInject\\HookedFunctions.dll');

  print Dumper($P);

       my $msg_cnt = $P->StatMailSlot();
       for (my $i = 0; $i < $msg_cnt; $i++) {
           print $P->GetMessage(), "\n";


Webpage: <>


Copyright (c) 2008, 2009 by OETIKER+PARTNER AG. All rights reserved.


Win32::Monitoring::DLLInject is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Win32::Monitoring::DLLInject is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Win32::Monitoring::WindowPing. If not, see <>.


Roman Plessl, Tobi Oetiker