Find the lulz
Re: Find the lulz
tl;dr but it seems he's just covering shit that's old as fuck, I quickly checked other blog entries from him and nothing new under the sun

lolmaoman: Germans are born with a lifetime x22 login engraved into their birth certificates. True story.
Re: Find the lulz
Hiding an injected dll was generally what I was shooting for. Notice how they talk of how to detect it. Rather than calling VirtualQueryEx on all memory and looking for SEC_IMAGE and then calling GetMappedFileName, and checking against LDR_MODULE entries in lists.
Other one you see no mention of VirtualQueryEx to check page protection. Then there's this nugget of gold:
You may also want to change the VirtualSize of those sections of the victim process you used for injection in order to cover the injected code. Just adjust it in the headers in memory.
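The detection cross-check described in the post above, as an added example that is not part of the original thread: image-backed regions whose allocation base has no loader list entry, plus the page-protection check for executable private memory. The `region_t` and `module_t` records and the sample snapshot are constructed assumptions; a real tool would fill them from VirtualQueryEx, GetMappedFileName and the process's LDR_MODULE lists.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* winnt.h values, as VirtualQueryEx reports them in MEMORY_BASIC_INFORMATION */
#define MEM_COMMIT     0x1000u
#define MEM_PRIVATE    0x20000u
#define MEM_IMAGE      0x1000000u /* same value as SEC_IMAGE */
#define PAGE_EXEC_MASK 0xF0u      /* PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY */
/* Hypothetical record types: one VirtualQueryEx result, one loader list entry */
typedef struct { uint64_t base, alloc_base; uint32_t state, type, protect;
                 const char *mapped_file; /* GetMappedFileName result, for reporting */ } region_t;
typedef struct { uint64_t base; const char *name; } module_t;
enum { CLEAN = 0, UNLINKED_IMAGE = 1, EXEC_PRIVATE = 2 };

/* Flags an image mapping with no loader entry, or executable private memory */
int classify(const region_t *r, const module_t *mods, size_t n) {
    if (r->state != MEM_COMMIT) return CLEAN;
    if (r->type == MEM_IMAGE) {
        for (size_t i = 0; i < n; i++)
            if (mods[i].base == r->alloc_base) return CLEAN;
        return UNLINKED_IMAGE;
    }
    if (r->type == MEM_PRIVATE && (r->protect & PAGE_EXEC_MASK)) return EXEC_PRIVATE;
    return CLEAN;
}

/* Constructed sample snapshot of one process (not real data) */
static const module_t MODS[] = { {0x00400000, "app.exe"}, {0x77000000, "ntdll.dll"} };
static const region_t REGIONS[] = {
    {0x00401000, 0x00400000, MEM_COMMIT, MEM_IMAGE,   0x20, "\\Device\\HarddiskVolume2\\app\\app.exe"},
    {0x77001000, 0x77000000, MEM_COMMIT, MEM_IMAGE,   0x20, "\\Device\\HarddiskVolume2\\Windows\\System32\\ntdll.dll"},
    {0x10001000, 0x10000000, MEM_COMMIT, MEM_IMAGE,   0x20, "\\Device\\HarddiskVolume2\\Temp\\sample.dll"},
    {0x02300000, 0x02300000, MEM_COMMIT, MEM_PRIVATE, 0x40, NULL},
    {0x02400000, 0x02400000, MEM_COMMIT, MEM_PRIVATE, 0x04, NULL},
};
#define NREG (sizeof REGIONS / sizeof REGIONS[0])
#define NMOD (sizeof MODS / sizeof MODS[0])

int count_findings(int kind) {
    int hits = 0;
    for (size_t i = 0; i < NREG; i++)
        if (classify(&REGIONS[i], MODS, NMOD) == kind) hits++;
    return hits;
}

int main(void) {
    printf("unlinked images: %d, executable private regions: %d\n",
           count_findings(UNLINKED_IMAGE), count_findings(EXEC_PRIVATE));
    return 0;
}
```

Findings are leads rather than verdicts: JIT compilers also create executable private memory, so each hit needs review against what the process is expected to load.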