Find the lulz - Old Royal Hack Forum

    Find the lulz

    Errare humanum est... For some reasons, I have missed an important aspect of DLL injection in my previous article. Namely - hiding your in...

    So. Executable code injection. In general, this term is associated with malicious intent. It is true in many cases, but in, at least, as m...


    There's more epic blog entries but I have to admit as a MURIKAN I am already too lazy to find them.

    #2
    Re: Find the lulz

    probably they discovered it recently and don't know,
    dis teh same plus dll map not better.
    btw amd64 does not compute.






    gibs coins @
    1KatP9B8KG7mvcoFhdLGua1isG88nYZE8C

    Comment


      #3
      Re: Find the lulz

      tl;dr but it seems he's just covering shit that's old as fuck, I quickly checked other blog entries from him and nothing new under the sun
      lolmaoman: Germans are born with a lifetime x22 login engraved into their birth certificates. True story.
      I DON'T HAVE TEAMVIEWER AND I'M NOT GOING TO GIVE ANY 24/7 ONLINE SUPPORT VIA STEAM, XFIRE OR OTHER IM PROGRAMS SO DON'T BOTHER ASKING. THANKS.

      Comment


        #4
        Re: Find the lulz

        Oh noes, another weird thread O_o

        Comment


          #5
          Re: Find the lulz

          when i read this thread for teh first time :

          Comment


            #6
            Re: Find the lulz

            Hiding an injected dll was generally what I was shooting for. Notice how they talk of how to detect it. Rather than calling VirtualQueryEx on all memory and looking for SEC_IMAGE and then calling GetMappedFileName, and checking against LDR_MODULE entries in lists.

            Other one you see no mention of VirtualQueryEx to check page protection. Then there's this nugget of gold:

            "You may also want to change the VirtualSize of those sections of the victim process you used for injection in order to cover the injected code. Just adjust it in the headers in memory."
            I can't even begin to describe how useless that is.

            Comment
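The cross-check described in post #6, as an added example that is not part of the thread: it takes region records of the kind VirtualQueryEx and GetMappedFileName return and flags image-backed allocations missing from the loader lists, plus executable pages with no image behind them. The `Region` class, the `audit` function and all sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Type values from MEMORY_BASIC_INFORMATION; MEM_IMAGE has the same value as SEC_IMAGE.
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
# PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80

@dataclass(frozen=True)
class Region:
    """One committed region as VirtualQueryEx would report it."""
    allocation_base: int
    base: int
    type: int
    protect: int
    mapped_file: Optional[str] = None  # GetMappedFileName result, if any

def audit(regions, loader_bases):
    """Map allocation base -> reason for every allocation worth a closer look."""
    findings = {}
    for r in regions:
        if r.type == MEM_IMAGE:
            # Image-backed memory the loader lists do not account for.
            if r.allocation_base not in loader_bases:
                findings[r.allocation_base] = f"image not in loader lists: {r.mapped_file}"
        elif r.protect & EXEC_MASK:
            # Executable pages with no image section behind them.
            findings.setdefault(r.allocation_base, "executable non-image memory")
    return findings

# Constructed sample data (hypothetical process, not taken from the thread).
SAMPLE_REGIONS = [
    Region(0x00400000, 0x00400000, MEM_IMAGE, 0x02, r"\Device\HarddiskVolume2\app\app.exe"),
    Region(0x00400000, 0x00401000, MEM_IMAGE, 0x20, r"\Device\HarddiskVolume2\app\app.exe"),
    Region(0x77000000, 0x77001000, MEM_IMAGE, 0x20, r"\Device\HarddiskVolume2\Windows\System32\ntdll.dll"),
    Region(0x10000000, 0x10001000, MEM_IMAGE, 0x20, r"\Device\HarddiskVolume2\Temp\hidden.dll"),
    Region(0x02340000, 0x02340000, MEM_PRIVATE, 0x40),   # PAGE_EXECUTE_READWRITE
    Region(0x00150000, 0x00150000, MEM_PRIVATE, 0x04),   # ordinary heap, PAGE_READWRITE
    Region(0x7F6F0000, 0x7F6F0000, MEM_MAPPED, 0x02),    # data file mapping
]
SAMPLE_LOADER_BASES = {0x00400000, 0x77000000}  # base address of each LDR_MODULE entry

if __name__ == "__main__":
    for base, reason in sorted(audit(SAMPLE_REGIONS, SAMPLE_LOADER_BASES).items()):
        print(f"{base:#010x}  {reason}")
```

JIT compilers legitimately allocate executable private memory, so the second kind of finding is a lead to investigate, not a verdict.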
