InjectProc – InjectProc – Process Injection Techniques

Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.
There are several techniques, which are commonly used: DLL injection, process replacement (a.k.a process hollowing), hook injection and APC injection.
Most of them use same Windows API functions: OpenProcess, VirtualAllocEx, WriteProcessMemory, for detailed information about those functions, use MSDN.


DLL injection:

  • Open target process.
  • Allocate space.
  • Write code into the remote process.
  • Execute the remote code.

Process replacement:

  • Create target process and suspend it.
  • Unmap from memory.
  • Allocate space.
  • Write headers and sections into the remote process.
  • Resume remote thread.

Hook injection:

  • Find/Create process.
  • Set hook

APC injection:

  • Open process.
  • Allocate space.
  • Write code into remote threads.
  • “Execute” threads using QueueUserAPC.

Download
Windows x64 binary – x64 bit DEMO

Dependencies:
vc_redist.x64 – Microsoft Visual C++ Redistributable

DEMO

from KitPloit – PenTest Tools! http://ift.tt/2s439VO

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s