DLL Injection Into All Processes - Part 8 - Coding Win Driver: Creating Section - KnownDlls (cont.)

dennisbabkin
565 views - 3 years ago
Coding it in WinAPI/C++ using Visual Studio - Coding Windows Driver: Creating Section - KnownDlls (continued)
Blog post: https://dennisbabkin.com/blog/?i=AAA1...

0:00 Intro
0:36 Continuing to code CSection::CreateKnownDllSection() function
3:16 Opening our FAKE.DLL file using ZwOpenFile
13:09 Creating a section from our FAKE.DLL using ZwCreateSection
17:57 Filling in our DLL_STATS with created section info
18:22 Getting our section object pointer with ObReferenceObjectByHandleWithTag
24:49 Adjusting CSection::FreeSection() function to remove our section
27:28 Adjusting CSection::CreateKnownDllSection() function to close permanent section correctly in case of an error
30:46 Testing current build of the driver and two bitnesses of FAKE.DLL in a test VM
34:36 Dealing with the error 0xC0000035 during testing
37:09 Fixing a bug with missing CSection::Initialize() function call
48:01 Adjusting sectionType debugging output to be more readable after a change by doing some refactoring
51:06 Checking that security descriptor is set up correctly on the InjectAll folder


#kernel #driver #tutorial #cpp #win32
Published 3 years ago, on 1400/03/08.