Is there an easy way with MHS to make it so when you Inject your DLL into the running process no one can tell it is there/ or no one can see the memory changes the injected DLL creates?
Something like a password, or something that blocks them from seeing memory modification?
Thanks.
securing a DLL injection
Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo
11 posts • Page 1 of 1
securing a DLL injection
by Pilgrim » Sun Sep 28, 2008 11:31 am
- Pilgrim
- I Have A Few Questions
- Posts: 8
- Joined: Tue May 20, 2008 12:43 pm
by L. Spiro » Sun Sep 28, 2008 11:35 am
It is possible to write a script that modifies the Windows kernal to do this, however this is very advanced and I will not explain the process.
And generally you would make your own stand-alone tool to do this anyway.
If you want your DLL to be injected quietly, force-load it into all processes and change it every time. Change its header, size, CRC, etc.
L. Spiro
And generally you would make your own stand-alone tool to do this anyway.
If you want your DLL to be injected quietly, force-load it into all processes and change it every time. Change its header, size, CRC, etc.
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by Pilgrim » Wed Oct 01, 2008 6:10 am
Hey I'm looking into this, very cool.
With the AppInit_DLL, Could I just add my own dll that is being loaded?
So it loads in windows as opposed to the actual exe and still works?
Thanks again.
Oh okay, I see in the AppInit_ the dll running is wbsys.dll
if i wanted to add another dll (My dll) could I just seperate wbsys.dll, mydll.dll like this and add it? (without binary modification)?
Could something so cool be so simple?
Thanks again.
With the AppInit_DLL, Could I just add my own dll that is being loaded?
So it loads in windows as opposed to the actual exe and still works?
Thanks again.
Oh okay, I see in the AppInit_ the dll running is wbsys.dll
if i wanted to add another dll (My dll) could I just seperate wbsys.dll, mydll.dll like this and add it? (without binary modification)?
Could something so cool be so simple?
Thanks again.
- Pilgrim
- I Have A Few Questions
- Posts: 8
- Joined: Tue May 20, 2008 12:43 pm
by Pilgrim » Wed Oct 01, 2008 10:39 am
Do I just edit the string of Appinit_dll like so wbsys.dll, mydll.dll
Wbsys.dll is what is already running, so do i just put my .dll in there seperated by a comma? I just tried this to no avail.
Thanks again.
Wbsys.dll is what is already running, so do i just put my .dll in there seperated by a comma? I just tried this to no avail.
Thanks again.
- Pilgrim
- I Have A Few Questions
- Posts: 8
- Joined: Tue May 20, 2008 12:43 pm
by L. Spiro » Wed Oct 01, 2008 1:14 pm
There are plenty of tutorials on how to do this.
Nothing I say would be any better than what is said in the tutorials.
L. Spiro
Nothing I say would be any better than what is said in the tutorials.
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by Pilgrim » Thu Oct 30, 2008 5:49 am
Hey I was wondering if putting my DLL in the windows/system folder would be bad, or if there was some special way to do this. I don't want to put it in there and have windows crash, even though the tutorial said to put it into your system folder.
Thanks again.
Thanks again.
- Pilgrim
- I Have A Few Questions
- Posts: 8
- Joined: Tue May 20, 2008 12:43 pm
by L. Spiro » Thu Oct 30, 2008 6:26 am
Everything you install on your computer except MHS puts things in that folder. Of course there is no difference if you put something there yourself.
L. Spiro
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
11 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests