Skip to main content

Processes 2

Steps for DLL injection

Call OpenProcess() to get HANDLE for the process
Use VirtualAllocEx() to allocate memory inside the process
Use WriteProcessMemory() to copy path to DLL into the process
Use CreateRemoteThread() to create a new thread in the process
- Start LoadLibrary() as the thread routine
- Pass the address of the DLL path as data to the thread

Direct Injection

Related Technique - Inject code directly rather than path to DLL
Use VirtualAllocEx() to allocate memory - need to ensure it is marked as executable
WriteProcessMemory() used to copy over code
CreateRemoteThread() used to start code
Harder to write code for this - code isn't loaded so will need to find address of API function itself

Non-Traditional Loading

Code knows where the stack is (using esp)
Can use this to create structures or store strings, by pushing the relevant values and capturing the address

....

Thread Environment Block

Every thread on a Windows program has an associated Thread Environment Block..

Process Environment Block

Part of the kernels data structures about each process
Fortun...

Starting a Process

Windows provides API calls that ca.....

Steps for DLL injection
Direct Injection
Non-Traditional Loading
Thread Environment Block
Process Environment Block
Starting a Process