Sunday, August 10, 2014

DLL Injection: Executing and Testing DLL's

DLL (Dynamic Link Library) Injection is the process of loading a DLL into target process so that code in the DLL might be executed in the context of the target process.

 Example Code Snippet

How to test DLL
RUNDLL32.EXE dll_name,EntryPoint [options]



AppInit_DLLs value is found at
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
We have to set Appinit_DLLs key value of the type REG_SZ to DLL's Path. Executables that do not link with User32.dll do not load AppInit DLLs.

NOTE: Above registry change might cause inconvenience as you might see too many pop-ups

References
http://www.exploit-db.com/exploits/14740/
http://www.exploit-db.com/papers/14813/
http://www.exploit-db.com/wp-content/themes/exploit/docs/242.pdf
http://www.ericphelps.com/batch/rundll/
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html

Posted by at
Labels: ,

2 comments:

  1. Tanika Co ValdaOctober 21, 2019 at 2:46 PM

    Great Article
    Cyber Security Projects for CSE Students


    JavaScript Training in Chennai



    Project Centers in Chennai




    JavaScript Training in Chennai

    ReplyDelete
  2. historypakNovember 3, 2019 at 2:17 AM

    Through hole technology is often utilized when manufacturing PCBs that are double-sided or multilayered. PCB reverse engineering PCBs can contaminate the environment through use and disposal, and it is believed that a large percentage of Americans may have already been exposed to dangerous levels of the substance.

    ReplyDelete

Subscribe to: Post Comments (Atom)