Page 1 of 1
securing a DLL injection
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Sun Sep 28, 2008 11:31 am
by Pilgrim
Is there an easy way with MHS to make it so when you Inject your DLL into the running process no one can tell it is there/ or no one can see the memory changes the injected DLL creates?
Something like a password, or something that blocks them from seeing memory modification?
Thanks.
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Sun Sep 28, 2008 11:35 am
by L. Spiro
It is possible to write a script that modifies the Windows kernal to do this, however this is very advanced and I will not explain the process.
And generally you would make your own stand-alone tool to do this anyway.
If you want your DLL to be injected quietly, force-load it into all processes and change it every time. Change its header, size, CRC, etc.
L. Spiro
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Sun Sep 28, 2008 11:38 am
by Pilgrim
Is force loading it something I can do in MHS?
I think i might need a little bit of elaboration on how to do this :/
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Mon Sep 29, 2008 8:24 am
by spunge
An EXE with a reloc section that injects itself. =)
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Mon Sep 29, 2008 4:39 pm
by L. Spiro
Research AppInit_DLLs.
L. Spiro
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Wed Oct 01, 2008 6:10 am
by Pilgrim
Hey I'm looking into this, very cool.
With the AppInit_DLL, Could I just add my own dll that is being loaded?
So it loads in windows as opposed to the actual exe and still works?
Thanks again.
Oh okay, I see in the AppInit_ the dll running is wbsys.dll
if i wanted to add another dll (My dll) could I just seperate wbsys.dll, mydll.dll like this and add it? (without binary modification)?
Could something so cool be so simple?
Thanks again.
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Wed Oct 01, 2008 9:04 am
by L. Spiro
Just add your DLL to the list and it loads into every Windows process (almost).
L. Spiro
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Wed Oct 01, 2008 10:39 am
by Pilgrim
Do I just edit the string of Appinit_dll like so wbsys.dll, mydll.dll
Wbsys.dll is what is already running, so do i just put my .dll in there seperated by a comma? I just tried this to no avail.
Thanks again.
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Wed Oct 01, 2008 1:14 pm
by L. Spiro
There are plenty of tutorials on how to do this.
Nothing I say would be any better than what is said in the tutorials.
L. Spiro
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Thu Oct 30, 2008 5:49 am
by Pilgrim
Hey I was wondering if putting my DLL in the windows/system folder would be bad, or if there was some special way to do this. I don't want to put it in there and have windows crash, even though the tutorial said to put it into your system folder.
Thanks again.
![Post Post](./styles/prosilver/imageset/icon_post_target.gif)
Posted:
Thu Oct 30, 2008 6:26 am
by L. Spiro
Everything you install on your computer except MHS puts things in that folder. Of course there is no difference if you put something there yourself.
L. Spiro