Download
1 / 8
80 likes | 189 Views
k ernel32.dll. LoadLibrary (filename). LoadLibrary (filename). myInjectDll () { }. malicious process. Internet Explorer process. k ernel32.dll. LoadLibrary (filename). LoadLibrary (filename). myInjectDll () { h= OpenProcess (,, proc_id ) }. malicious process.
E N D
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) myInjectDll() { } malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) myInjectDll() { h=OpenProcess(,,proc_id) } malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) myInjectDll() { h=OpenProcess(,,proc_id) addr = VirtualAllocEx(h,, size,,,) } malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) 0x4000 myInjectDll() { h=OpenProcess(,,proc_id) addr = VirtualAllocEx(h,, size,,,) } malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) 0x4000 myInjectDll() { h=OpenProcess(,,proc_id) addr = VirtualAllocEx(h,, size,,,) WriteProcessMem(h,addr,buf,size,…) } malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) 0x4000 myInjectDll() { h=OpenProcess(,,proc_id) addr = VirtualAllocEx(h,, size,,,) WriteProcessMem(h,addr,buf,size,…) } “evil.dll” malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) 0x4000 myInjectDll() { h=OpenProcess(,,proc_id) addr = VirtualAllocEx(h,, size,,,) WriteProcessMem(h,addr,buf,size,…) CreateRemoteThread(h,,,start,param,…) } “evil.dll” malicious process Internet Explorer process
kernel32.dll LoadLibrary(filename) LoadLibrary(filename) 0x4000 myInjectDll() { h=OpenProcess(,,proc_id) addr = VirtualAllocEx(h,, size,,,) WriteProcessMem(h,addr,buf,size,…) CreateRemoteThread(h,,,start,param,…) } “evil.dll” LoadLibrary(“evil.dll”) malicious process Internet Explorer process
