System Programming Blog
This blog is dedicated to low-level programming in Assembler and C/C++ (although C++ is unwelcome) on either *Nix or Windows based operating systems.
Showing 6 posts for tag 'dll injection'
Exception Driven 'Debugging': Getting Behind the Anti Debugging Tricks
However, the purpose of this article is not to discuss the pros and cons of Themida or any other protector, nor do I have any intention to disgrace any of the software vendors. The purpose is to describe a relatively easy way of bypassing common anti-debugging tricks (including Windows DRM protection) with DLL injection.
CreateRemoteThread. Bypass Windows 7 Session Separation
The Internet is full of programmers' forums, and those forums are full of questions about the CreateRemoteThread Windows API function not working on Windows 7 (when trying to inject a DLL). Those posts made by lucky people somehow redirect you to the MSDN page dedicated to this API, which says: "Terminal Services isolates each terminal session by design. Therefore, CreateRemoteThread fails if the target process is in a different session than the calling process." This basically means: start the process from your injector as suspended, inject your DLL and then resume the process's main thread.
Faking KERNEL32.DLL - an Amateur Sandbox
A couple of days ago, I saw that someone was looking for a way to load and use a fake KERNEL32.dll, and I realized that this information has not yet been covered here. There is no source code for this article, as I am a bit short on time to write it, but I will do my best to provide as much information as possible so that those who want to try it will have no problem doing so.
Executable Code Injection the Interesting Way
So. Executable code injection. In general, this term is associated with malicious intent. That is true in many cases, but in at least as many it is not. Having been a malware researcher for most of my career, I can assure you that this technique is very useful when researching malicious software, as it allows (in most cases) defeating its protection and gathering much of the needed information. Although it is highly recommended not to use such an approach, sometimes it is simply unavoidable.
Hiding Injected DLL in Windows
In this article I will cover the easiest way to hide your injected library from the "victim" process. Intentionally or not, we will have to dive a bit into Windows internals, starting with the TIB (Thread Information Block) and ending with the good old UNICODE_STRING data structure.

Copyright © 2023 Alexey Lyashko