flat assembler
Message board for the users of flat assembler.
Windows > Inject process problem
typedef 15 Dec 2011, 21:57
DLL proxies. They work all the time, unless the target process checks the DLL before loading it (i.e. by way of CRC checksums), but you can still patch it.
hihelp 16 Dec 2011, 06:05
Thanks for typedef's reply.
I've tested a DLL proxy, but it's not OK. WriteProcessMemory, CreateRemoteThread, DLL proxy: all are not allowed. A very abnormal condition. Is there any other way?
Overflowz 16 Dec 2011, 09:04
There is another way called FWB (Firewall Bypass). The idea is something like this:
Code:
1) CreateProcess with CREATE_SUSPENDED flag.
2) GetThreadContext
3) VirtualProtect
4) UnmapViewOfFile/CreateFileMapping/MapViewOfFile
5) WriteProcessMemory
6) SetThreadContext
7) ResumeThread
If you want to run both (the injected code and the original application), then try to search for "Reflective DLL Injection". It's the best method ever for now.
hihelp 16 Dec 2011, 14:50
Thanks for Overflowz's reply.
I'll go search for 'Reflective DLL Injection'. I have tried the example you mentioned above, but it is still blocked... But thanks, everybody! I will continue to find a way!
revolution 16 Dec 2011, 15:05
hihelp wrote: The example above you said I have tried, but still be blocked.........
hihelp 16 Dec 2011, 20:19
Yeah, I mean the antivirus software intercepts it.
Overflowz 16 Dec 2011, 22:04
hihelp
Reflective DLL Injection is a more advanced technique; thus it is really hard for AVs to detect.
typedef 16 Dec 2011, 23:06
OK. The other way is to patch the process's entry point with a jump, or find somewhere like a menu event and patch it with a jump to the LoadLibraryA API; that way the DLL can do the job.
hihelp 17 Dec 2011, 06:18
@Overflowz
I've seen the Reflective DLL Injection article, but it is very hard to read... Thank you so much!
@typedef You said to patch the process; I've tried it, ^_^, Thannnks
Copyright © 1999-2025, Tomasz Grysztar.