Processes 2
Steps for DLL injection
- Call
OpenProcess()
to getHANDLE
for the process - Use
VirtualAllocEx()
to allocate memory inside the process - Use
WriteProcessMemory()
to copy path to DLL into the process - Use
CreateRemoteThread()
to create a new thread in the process- Start
LoadLibrary()
as the thread routine - Pass the address of the DLL path as data to the thread
- Start
Direct Injection
- Related Technique - Inject code directly rather than path to DLL
- Use
VirtualAllocEx()
to allocate memory - need to ensure it is marked as executable WriteProcessMemory()
used to copy over codeCreateRemoteThread()
used to start code- Harder to write code for this - code isn't loaded so will need to find address of API function itself
Non-Traditional Loading
- Code knows where the stack is (using esp)
- Can use this to create structures or store strings, by pushing the relevant values and capturing the address
....
Thread Environment Block
- Every thread on a Windows program has an associated Thread Environment Block..
Process Environment Block
- Part of the kernels data structures about each process
- Fortun...
Starting a Process
- Windows provides API calls that ca.....