InjectProc – Process Injection Techniques

Process injection is a very popular method of hiding the malicious behaviour of code and is heavily used by malware authors.

There are several commonly used techniques: DLL injection, process replacement (a.k.a. process hollowing), hook injection and APC injection.

Most of them use the same Windows API functions: OpenProcess, VirtualAllocEx and WriteProcessMemory; for detailed information about those functions, see MSDN.

DLL injection:

Open target process.

Allocate space.

Write code into the remote process.

Execute the remote code.

Process replacement:

Create target process and suspend it.

Unmap from memory.

Allocate space.

Write headers and sections into the remote process.

Resume remote thread.

Hook injection:

Find/Create process.

Set hook.

APC injection:

Open process.

Allocate space.

Write code into remote threads.

“Execute” threads using QueueUserAPC.
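From the defender's side, the four sequences above share one detectable shape: a process obtains access to another process, writes into it, and then triggers execution there. The following Python is added here as an illustration and is not part of InjectProc. It runs that check over a constructed API-call trace and labels each hit with the technique from the list above. The line format, the pids, and the use of CreateRemoteThread, NtUnmapViewOfSection and ResumeThread as the "execute", "unmap" and "resume" steps are assumptions about what an API monitor would record; the page itself names only OpenProcess, VirtualAllocEx, WriteProcessMemory and QueueUserAPC.

```python
"""Flag cross-process injection API sequences in an API-call trace.

Added example (not part of InjectProc). The trace format is constructed for
illustration; real telemetry (ETW, EDR API monitors) needs its own parser.
"""
import re
from collections import defaultdict

# Constructed sample trace: one API call per line, pid = caller,
# target = the process the call acts on. Not real telemetry.
SAMPLE_TRACE = """\
pid=4100 api=OpenProcess target=2208
pid=4100 api=VirtualAllocEx target=2208
pid=4100 api=WriteProcessMemory target=2208
pid=4100 api=CreateRemoteThread target=2208
pid=4100 api=VirtualAllocEx target=4100
pid=4100 api=WriteProcessMemory target=4100
pid=5300 api=CreateProcess target=6010 flags=CREATE_SUSPENDED
pid=5300 api=NtUnmapViewOfSection target=6010
pid=5300 api=VirtualAllocEx target=6010
pid=5300 api=WriteProcessMemory target=6010
pid=5300 api=ResumeThread target=6010
pid=7700 api=OpenProcess target=8800
pid=7700 api=VirtualAllocEx target=8800
pid=7700 api=WriteProcessMemory target=8800
pid=7700 api=QueueUserAPC target=8800
pid=9000 api=OpenProcess target=9100
pid=9000 api=ReadProcessMemory target=9100
"""

LINE_RE = re.compile(r"^pid=(\d+) api=(\w+) target=(\d+)")

# APIs that turn a remote write into execution, mapped to the technique
# from the list above that they characterise (assumed mapping).
EXEC_APIS = {
    "CreateRemoteThread": "DLL injection / remote thread",
    "QueueUserAPC": "APC injection",
    "ResumeThread": "process replacement (hollowing)",
}


def parse_trace(text):
    """Return (caller_pid, api, target_pid) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return events


def detect_injection(events):
    """Return one finding per (caller, target) pair that writes into a foreign
    process and afterwards triggers execution in it, in call order."""
    calls_by_pair = defaultdict(list)
    for pid, api, target in events:
        if pid != target:  # a process touching its own memory is not injection
            calls_by_pair[(pid, target)].append(api)

    findings = []
    for (pid, target), apis in calls_by_pair.items():
        if "WriteProcessMemory" not in apis:
            continue  # read-only access (e.g. ReadProcessMemory) is not flagged
        after_write = apis[apis.index("WriteProcessMemory") + 1:]
        trigger = next((a for a in after_write if a in EXEC_APIS), None)
        if trigger is None:
            continue  # write without a known execution primitive: no finding
        technique = EXEC_APIS[trigger]
        if trigger == "ResumeThread" and "NtUnmapViewOfSection" not in apis:
            # Resuming a suspended child after writing to it is still
            # suspicious, but without the unmap it is not classic hollowing.
            technique = "write into suspended process, then ResumeThread"
        findings.append({"caller": pid, "target": target,
                         "technique": technique, "trigger": trigger})
    return findings


if __name__ == "__main__":
    for f in detect_injection(parse_trace(SAMPLE_TRACE)):
        print(f"pid {f['caller']} -> pid {f['target']}: "
              f"{f['technique']} (via {f['trigger']})")
```

The check keys on the order of calls per caller/target pair rather than on any single API, since OpenProcess and VirtualAllocEx alone are common in benign tooling; the pair 9000/9100, which only reads, and the self-writes by 4100 produce no finding. Hook injection is left out of the mapping because its trigger, setting a hook, does not go through WriteProcessMemory and would need a different rule.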

Download: Windows x64 binary – x64 bit DEMO

Dependencies: vc_redist.x64 – Microsoft Visual C++ Redistributable

Download InjectProc http://ift.tt/2s439VO http://ift.tt/2aM8QhC
