Difference between revisions of ".dll Injection and Patching"

From SkullSecurity
Jump to navigation Jump to search
Line 2: Line 2:
{{Infobox assembly}}
{{Infobox assembly}}


.dll injection is the easiest and most common way to write a hack.
To perform an injection, a process is told to load an attacker-controlled .dll file into its space. When loaded, the .dll file adds jumps (or "hooks") to certain places in the target program that automatically call functions in the .dll file. This allows the .dll file to capture specific events, such as packets being received, commands being typed, or anything else.
== Injection ==
If you want a program to do it for you without reading any further, feel free to grab [http://www.javaop.com/~ron/programs/Inject.zip the one I wrote]. It works well, but can't really be automated.
If you want to learn more about injection, feel free to browse my code [http://www.javaop.com/~ron/code/Injector here] or download the code [http://www.javaop.com/~ron/code/Injector.tgz here]. It's my first (and only) Windowsy program, so it might be valuable some day! But seriously, be gentle, and if you think you can improve it I'd welcome the change.
Basically, a program calls CreateRemoteThread() in the foreign process, giving it some code. The code given simply calls LoadLibrary() on your selected .dll file, which loads it into the program's address space.
If you want any more details about how injection works, check out Richter's book or my source code. It's been a long time, and I've always just used that program.




== Questions ==
== Questions ==
Feel free to edit this section and post questions, I'll do my best to answer them. But you may need to contact me to let me know that a question exists.
Feel free to edit this section and post questions, I'll do my best to answer them. But you may need to contact me to let me know that a question exists.

Revision as of 21:20, 15 March 2007

Stop hand.png This page is under construction. USE AT YOUR OWN RISK!







Assembly Language Tutorial
Please choose a tutorial page:

.dll injection is the easiest and most common way to write a hack.

To perform an injection, a process is told to load an attacker-controlled .dll file into its space. When loaded, the .dll file adds jumps (or "hooks") to certain places in the target program that automatically call functions in the .dll file. This allows the .dll file to capture specific events, such as packets being received, commands being typed, or anything else.

Injection

If you want a program to do it for you without reading any further, feel free to grab the one I wrote. It works well, but can't really be automated.

If you want to learn more about injection, feel free to browse my code here or download the code here. It's my first (and only) Windowsy program, so it might be valuable some day! But seriously, be gentle, and if you think you can improve it I'd welcome the change.

Basically, a program calls CreateRemoteThread() in the foreign process, giving it some code. The code given simply calls LoadLibrary() on your selected .dll file, which loads it into the program's address space.

If you want any more details about how injection works, check out Richter's book or my source code. It's been a long time, and I've always just used that program.


Questions

Feel free to edit this section and post questions, I'll do my best to answer them. But you may need to contact me to let me know that a question exists.