Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

shows an example of DLL injection. In this example, the launcher malware injects its DLL into Internet Explorer’s memory, thereby giving the injected DLL the same access to the Internet as Internet Explorer. The loader malware had been unable to access the Internet prior to injection because a process-specific firewall detected it and blocked it.

contains C pseudocode for performing DLL injection.

shows DLL injection code as seen through a debugger. The six function calls from our pseudocode in can be seen in the disassembly, labeled through .

, we don’t see those strings, but they must be accessed before this code executes. The victim process name can often be found in a strncmp function (or equivalent) when the launcher .
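For triaging an API-monitor or sandbox trace of a suspected launcher, the check below is an added example and not code from the book. It flags a process that opens, allocates in, writes to and then starts a thread in a different process, and it records the written buffer, which is where a DLL name like the strings discussed above would surface. The trace format, field names and all sample events are constructed, and the four API stages are this example's assumption about the pattern, not a reproduction of the book's listing.

```python
from collections import defaultdict

# Ordered stages of the commonly documented remote-thread DLL load pattern
# (an assumption of this example; the page's own listing is not reproduced).
STAGES = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed trace in a hypothetical format: caller pid, API, target pid, data.
TRACE = [
    {"pid": 1204, "api": "OpenProcess",        "target": 3380, "data": ""},
    {"pid": 2210, "api": "OpenProcess",        "target": 3380, "data": ""},
    {"pid": 2210, "api": "ReadProcessMemory",  "target": 3380, "data": ""},
    {"pid": 1204, "api": "VirtualAllocEx",     "target": 3380, "data": ""},
    {"pid": 4000, "api": "VirtualAllocEx",     "target": 4000, "data": ""},
    {"pid": 1204, "api": "WriteProcessMemory", "target": 3380,
     "data": "C:\\Users\\Public\\sample.dll"},
    {"pid": 1204, "api": "CreateRemoteThread", "target": 3380, "data": ""},
    {"pid": 5150, "api": "OpenProcess",        "target": 3380, "data": ""},
    {"pid": 5150, "api": "CreateRemoteThread", "target": 3380, "data": ""},
]

def find_injections(trace):
    """Return one finding per (caller, target) pair that completes every stage in order."""
    progress = defaultdict(int)  # (caller, target) -> index of the next expected stage
    written = {}                 # (caller, target) -> buffer written into the target
    findings = []
    for ev in trace:
        caller, target = ev["pid"], ev["target"]
        if caller == target:
            continue  # a process working on its own memory is not cross-process injection
        key = (caller, target)
        step = progress[key]
        if step == len(STAGES) or ev["api"] != STAGES[step]:
            continue  # already reported, or not the next stage for this pair
        if ev["api"] == "WriteProcessMemory":
            written[key] = ev["data"]
        progress[key] = step + 1
        if progress[key] == len(STAGES):
            buf = written.get(key, "")
            findings.append({"caller": caller, "target": target, "written": buf,
                             "looks_like_dll_path": buf.lower().endswith(".dll")})
    return findings

if __name__ == "__main__":
    for finding in find_injections(TRACE):
        print(finding)
```

Tracking state per caller and target pair keeps interleaved events from unrelated processes, such as the read-only inspector with pid 2210 in the sample, from completing the sequence.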


© RuTLib.com 2015-2018