Repost: Some links on DLL Injection

Trying to put together a list of related works for reference. Only interested in user-mode hooking, and the method should be generally applicable (SetWindowsHook, for example, is not generally applicable).

Dll Injection

Win32 LD_PRELOAD
http://www.deez.info/sengelha/code/win32-ldpreload/

InjLib - A Library that implements remote code injection for all Windows versions
http://www.codeproject.com/KB/library/InjLib.aspx

Injected Evil
http://www.rootkit.com/newsread_print.php?newsid=831

Injecting Code Into Privileged Win32 Processes
http://mnin.blogspot.com/2007/05/injecting-code-into-privileged-win32.html

CreateRemoteThread, Vista and separate sessions
http://blog.assarbad.net/20080723/createremotethread-vista-and-separate-sessions/

A More Complete DLL Injection Solution Using CreateRemoteThread
http://69.10.233.10/KB/threads/completeinject.aspx

Injection coverage on Vista with UAC
http://www.celceo.com/blogs/windows-insight/2008/02/injection-coverage-on-vista-wi.html

WoW64

Dll Injection - Vista + UAC
http://forum.madshi.net/viewtopic.php?p=15825

How does one retrieve the 32-bit context of a Wow64 program from a 64-bit process on Windows Server 2003 x64?
http://www.nynaeve.net/?p=191

Beware GetThreadContext on Wow64
http://www.nynaeve.net/?p=129

API Interception

API Spying Techniques for Windows 9x, NT and 2000
http://www.internals.com/articles/apispy/apispy.htm

Powerful x86/x64 Mini Hook-Engine
http://www.ntcore.com/Files/nthookengine.htm

API Hooking Methods
http://help.madshi.net/ApiHookingMethods.htm

Detours: Binary Interception of Win32 Functions
http://research.microsoft.com/~galenh/publications/huntusenixnt99.pdf

DEVIARE API HOOK 
http://www.nektra.com/products/deviare/hooklib/index.php

Intercepting System API Calls:
http://softwarecommunity.intel.com/articles/eng/3651.htm

Why hooking system services is more difficult (and dangerous) than it looks
http://www.nynaeve.net/?p=210

User Level API Hooking Mistakes to Avoid
http://www.celceo.com/blogs/windows-insight/2007/09/pitfalls-of-api-hooking-at-the.html

Detour unhooking order
http://www.celceo.com/blogs/windows-insight/2008/02/detour-unhooking-order.html

Lock contention, the loader lock and hidden API locks
http://www.celceo.com/blogs/windows-insight/2007/10/lock-contention-the-loader-loc.html

Summary

Three ways to inject a DLL:
  • CreateRemoteThread (NtCreateThreadEx, RtlCreateUserThread, ...),
  • NtQueueApcThread,
  • SetThreadContext.

The concerns around DLL injection are:
  • WoW64,
  • Different session (RunAs, Remote Desktop and Terminal Services),
  • System process (running as the System user),
  • Native process (without kernel32.dll),
  • Create and inject (injecting into a process at creation time).

API interception concerns:
  • Instruction length (the overwritten prologue must be relocated in whole instructions)
  • Unhookable instructions
  • Concurrency (timing of installing and uninstalling the hook)
  • Intercepting self (infinite loop)
  • RIP-relative addressing (x64 instructions whose operands are relative to the instruction pointer)
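The last two bullets above are easiest to understand with numbers. The following is an added example, not code from the original post or from any of the hook libraries linked above; it uses plain arithmetic and no Windows APIs, the instruction lengths are constructed sample values rather than a real disassembly, and the function names are hypothetical. It shows why a detour must copy whole instructions until the 5-byte jump is covered, and how a RIP-relative displacement has to be rebased when the instruction is moved into a trampoline (and why this fails when the trampoline is too far away).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the original post). Models two of the listed
 * API-interception concerns with plain arithmetic; no Windows APIs involved. */

#define JMP_REL32_LEN 5   /* E9 rel32: the overwrite a classic inline detour needs */

/* Instruction-length concern: the bytes overwritten by the jmp must be moved
 * to a trampoline in whole instructions, so walk the instruction lengths until
 * at least `need` bytes are covered. Returns the number of bytes to relocate,
 * or 0 if the listed instructions do not cover enough bytes. */
size_t bytes_to_relocate(const uint8_t *lengths, size_t count, size_t need)
{
    size_t covered = 0;
    for (size_t i = 0; i < count; i++) {
        covered += lengths[i];
        if (covered >= need)
            return covered;
    }
    return 0;
}

/* RIP-relative concern: an x64 instruction such as "mov rax,[rip+disp32]"
 * encodes its target relative to the address of the *next* instruction.
 * After copying it to a trampoline, the displacement must be rebased so it
 * still refers to the original target. Returns 0 on success, or -1 if the
 * trampoline is too far away for a 32-bit displacement (in that case the
 * trampoline must be allocated within +/-2 GiB of the original code). */
int rebase_rip_disp(uint64_t orig_next_ip, uint64_t new_next_ip,
                    int32_t disp, int32_t *out)
{
    int64_t target   = (int64_t)orig_next_ip + disp;
    int64_t new_disp = target - (int64_t)new_next_ip;
    if (new_disp < INT32_MIN || new_disp > INT32_MAX)
        return -1;
    *out = (int32_t)new_disp;
    return 0;
}

int main(void)
{
    /* Constructed sample prologue: 4-, 3- and 2-byte instructions. A 5-byte
     * jmp cuts the second instruction in half, so 7 bytes must be relocated. */
    const uint8_t lengths[] = { 4, 3, 2 };
    printf("bytes to relocate: %zu\n",
           bytes_to_relocate(lengths, 3, JMP_REL32_LEN));

    /* Constructed addresses: instruction originally ends at 0x7FF600001007 and
     * references 0x7FF600002007; the trampoline copy ends at 0x7FF600100007. */
    int32_t d = 0;
    if (rebase_rip_disp(0x7FF600001007ULL, 0x7FF600100007ULL, 0x1000, &d) == 0)
        printf("rebased displacement: %d\n", d);

    /* A trampoline placed far outside the +/-2 GiB window cannot be fixed up. */
    if (rebase_rip_disp(0x7FF600001007ULL, 0x10000000000ULL, 0x1000, &d) != 0)
        printf("trampoline out of rel32 range; allocate it near the target\n");
    return 0;
}
```

The second failure path is the practical reason hook engines search for free pages near the hooked module rather than taking whatever address the allocator returns.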

Reposted from: https://www.cnblogs.com/h2appy/archive/2008/10/21/1316076.html
