Injecting the DLL into the address space of the process.There are various ways to inject a DLL using this approach. This method takes the DLL and forces the executable to load it at runtime, thus hooking the functions defined in the DLL. Injecting the DLL by creating a new process.Overwriting the address of the function with the custom function’s address.We must understand that there are various methods to hook an API: By doing so, we can also track what user is doing and possibly gather more and more information about the user or the network in which we’re located.įirst, let’s talk a little about API hooking. That would defeat the whole purpose of the attack, so it’s best to remain undetected as long as possible. Once we’ve gained total control over the system, we must protect ourselves from being detected by the user or system administrator. But you might ask why would we want to do anything to the system or processes running on the system if we already have a full access to it? There is one single reason: to avoid detection. The methods assume we already have complete control over the system. This is why these methods cannot be used in a normal attack scenario where we would like to gain code execution on the target computer. For injecting a DLL into the process’s address space, we must have administrator privileges on the system so that we’ve completely taken over the system at that time. In this tutorial, we’ll take a look at various methods that we can use to inject a DLL into the process’ address space.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |