DLL Injection
Process Injection
Technique Details
Description
Inject a DLL into a running process to execute code within its context.
Dependencies
stdio.h
stdlib.h
string.h
windows.h
tlhelp32.h
Mitigations
Use process protection mechanisms, restrict unnecessary privileges, and enable Secure Boot.
Steps
Get PID – Enumerate processes to find the PID of the target (e.g., notepad.exe).
Open Process – Get a handle to the target process with OpenProcess.
Allocate Memory – Reserve space in the target process with VirtualAllocEx.
Write Path – Write the DLL path into that memory using WriteProcessMemory.
Resolve LoadLibraryA – Get the address of LoadLibraryA from kernel32.dll.
Create Thread – Start a new thread in the target using CreateRemoteThread with LoadLibraryA.
Wait and Clean Up – Wait for the thread, then free memory and close handles.
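The defender's view of the steps above, added here as an example and not part of the original page: a small Python triage routine over Sysmon Event ID 8 (CreateRemoteThread) records that flags remote threads whose start address resolves to a LoadLibrary export in kernel32, which is exactly the trace the CreateRemoteThread + LoadLibraryA sequence leaves. The sample records are constructed.

```python
"""Triage Sysmon Event ID 8 (CreateRemoteThread) records for the
CreateRemoteThread + LoadLibrary pattern described in the steps above.
Added example, not the page's own code; the sample events are constructed."""
from typing import Dict, List

# A LoadLibrary-style injector points the new remote thread at one of these
# exports so the target process loads the written DLL path itself.
LOADER_FUNCTIONS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
# GetProcAddress on kernel32 returns the kernel32 stub, but the start address
# may be attributed to KernelBase on newer builds, so accept either module.
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

# Constructed records in "Field: value|Field: value" form using Sysmon's
# Event ID 8 field names. The first is the injection pattern; the other two
# are benign remote threads (loader and debugger) that must not be flagged.
SAMPLE_EVENTS = [
    "SourceImage: C:\\Users\\alice\\Downloads\\tool.exe|"
    "TargetImage: C:\\Windows\\System32\\notepad.exe|"
    "StartModule: C:\\Windows\\System32\\KERNEL32.DLL|StartFunction: LoadLibraryA",
    "SourceImage: C:\\Windows\\System32\\csrss.exe|"
    "TargetImage: C:\\Windows\\explorer.exe|"
    "StartModule: C:\\Windows\\System32\\ntdll.dll|StartFunction: RtlUserThreadStart",
    "SourceImage: C:\\Program Files\\Debugger\\dbg.exe|"
    "TargetImage: C:\\Windows\\System32\\notepad.exe|"
    "StartModule: C:\\Windows\\System32\\ntdll.dll|StartFunction: DbgUiRemoteBreakin",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'Field: value|Field: value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")  # first colon only; paths contain ':'
        fields[key.strip()] = value.strip()
    return fields


def is_loadlibrary_injection(event: Dict[str, str]) -> bool:
    """True when the remote thread starts at a LoadLibrary export of kernel32/KernelBase."""
    module = event.get("StartModule", "").rsplit("\\", 1)[-1].lower()
    return module in LOADER_MODULES and event.get("StartFunction") in LOADER_FUNCTIONS


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events that match the injection pattern.

    Debuggers and some security tools also create remote threads, but those
    start elsewhere (e.g. DbgUiRemoteBreakin); a real deployment would also
    allow-list known SourceImage values before alerting."""
    return [e for e in (parse_event(line) for line in lines) if is_loadlibrary_injection(e)]
```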
Code
- C++
- Rust
⚠️ Note: The Rust code examples shown here are not exhaustively tested in all environments or edge cases.
Proof of Concept