| |
|
|
| Hello everyone...
Under Windows some sorcery is possible that normally should not work. One such trick is injecting a DLL into foreign processes. I think I can manage a further method of DLL injection with Profan as well. Should I post it here??? |
|
|
| |
|
|
|
Michael Wodrich | And who is faster then: - the bad guys who abuse it? - or the good guys who put a patch on it.... |
|
|
| Programming, the most exciting detective game in the world. | 08/30/06 |
|
|
|
|
| There is already source code on this topic for MASM. It will remain possible, and always will be, but only for administrators, because this can very easily be restricted through permission assignment. So it matters less to people who want to write viruses and perhaps more to people who develop programs. Perhaps they should know what is possible and how simple it is ... |
|
|
| |
|
|
|
| Mmmh..., the dangers that such source code could hold are too great to simply post it here. If my idea really works, any idiot could use a trojan to smuggle data past a firewall, since almost everyone surfs the Internet as admin. So still no source code from me on this, but (if I get the thing running) a program. That is, a program with which you can load your own DLLs into foreign processes as administrator. I will get to work on it after my night shift. The possibilities something like this offers are simply too great to keep my hands off it. |
|
|
| |
|
|
|
| The thing seems to work. If there are no objections, there will probably very soon be a way in one of my freeware programs to inject your own DLLs into foreign processes on NT-based systems (2000/XP).
What does that mean, among other things: - Through these DLLs, APIs that really only work inside the process could be executed from outside. - The possibilities for monitoring activity in other processes (operating system processes) could be almost limitless.
Any interest in such a program? Does something like this pose more of a danger, does it bring new possibilities, or would it just be old hat because everyone can do it anyway? |
|
|
| |
|
|
|
| No, not old hat, but I still think the whole thing is overrated.
What do you think the abuse would be?
Offhand I know of no dangerous injection whose task as such would not also be possible more simply or differently.
But perhaps I am just being dense? |
|
|
| |
|
|
|
| [quote:e8a6387a3c=iF]No, not old hat, but I still think the whole thing is overrated.
What do you think the abuse would be?
Offhand I know of no dangerous injection whose task as such would not also be possible more simply or differently.
But perhaps I am just being dense?[/quote:e8a6387a3c] Mmh... as source code I do see a danger there. Because it is so simple, any fool could build source code into his Profan programs that, for example, injects itself into Internet Explorer and so possibly sneaks dangerous things past a firewall.
Built into a program, I don't see quite so many problems there, rather more possibilities. There are quite a few APIs that can only be executed within a process. Also, a great deal more could be possible inside a (system) process than outside that process (if, for example, the ID is checked). But then one possibly could not keep very much secret any more... |
|
|
| |
|
|
|
| PS: The Shatter Attack showed me that dangers can be hugely underestimated. Even the author of that attack apparently did not know what is ultimately possible with it. I don't want to do something that I will hugely regret afterwards, but I don't want to pass up opportunities to learn either... |
|
|
| |
|
|
|
| Hm, well, let's not play God. I don't think it can be our job to decide whether the possibilities are deadly or cool; only history can show something like that. |
|
|
| |
|
|
|
| Actually it is not at all hard to find suitable code. [quote:bf982ed307]If a process calls the API procedure (for example MessageBoxEx@16), the first 5 bytes in the API procedure are codes to save some registers. You can test several APIs, and you get the same results.
The ploy to redirect is now to replace those 5 bytes with a JMP-Condition. Normally, all JMP-Conditions with FAR pointers have 6 bytes. Only the relative JMP-Condition has 5 bytes. The first opcode for this relative JMP is then the magic $E9 (see INTEL x86 books or just google for E9 and JMP). The $C3 is only for safety, it's an exception call. So if any error occurs, your own exception handler (maybe OnError) will be called.[/quote:bf982ed307] Required APIs: ReadProcessMemory, WriteProcessMemory
The required information is now there, or rather, this way one can so far only hook one's own program, which is not really useful.. Whether Andreas builds his routine on this, I naturally don't know. |
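
Seen from the detection side, the 5-byte `$E9` patch described in the quote above can be recognised by comparing the first 5 bytes of a loaded function with the same bytes from the DLL file on disk and decoding where a relative JMP leads. The following is an added example, not part of the original thread or of any poster's code; the addresses, module range and byte arrays are constructed sample values, and `classify_entry` and `jmp_target` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum entry_state { ENTRY_CLEAN, ENTRY_MODIFIED, ENTRY_JMP_OUTSIDE };

/* Destination of "E9 rel32" located at addr: next instruction + displacement. */
uint32_t jmp_target(const uint8_t code[5], uint32_t addr)
{
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    return addr + 5u + rel;        /* wraps mod 2^32, so backward jumps work */
}

/* Compare the first 5 bytes of a loaded function with the same bytes taken
   from the DLL file on disk, and flag a relative JMP that leaves the module. */
enum entry_state classify_entry(const uint8_t mem[5], const uint8_t disk[5],
                                uint32_t addr, uint32_t base, uint32_t size)
{
    if (memcmp(mem, disk, 5) == 0)
        return ENTRY_CLEAN;
    if (mem[0] == 0xE9 && jmp_target(mem, addr) - base >= size)
        return ENTRY_JMP_OUTSIDE;  /* target not in [base, base + size) */
    return ENTRY_MODIFIED;         /* changed, but stays inside the module */
}

/* Constructed sample data (not taken from a real system). */
#define MOD_BASE 0x7E450000u       /* assumed load address of the DLL */
#define MOD_SIZE 0x00090000u       /* assumed image size */
#define FN_ADDR  0x7E451234u       /* assumed address of the checked function */
/* mov edi,edi; push ebp; mov ebp,esp: a common 5-byte 32-bit prologue */
const uint8_t DISK_BYTES[5] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
const uint8_t HOOKED[5]     = {0xE9, 0xC7, 0xFD, 0xBA, 0x91}; /* jmp 0x10001000 */
const uint8_t NEAR_PATCH[5] = {0xE9, 0xC7, 0x0D, 0x00, 0x00}; /* jmp 0x7E452000 */

int main(void)
{
    static const char *names[] = {"clean", "modified", "jmp outside module"};
    printf("disk copy : %s\n",
           names[classify_entry(DISK_BYTES, DISK_BYTES, FN_ADDR, MOD_BASE, MOD_SIZE)]);
    printf("hooked    : %s -> 0x%08X\n",
           names[classify_entry(HOOKED, DISK_BYTES, FN_ADDR, MOD_BASE, MOD_SIZE)],
           (unsigned)jmp_target(HOOKED, FN_ADDR));
    printf("near patch: %s\n",
           names[classify_entry(NEAR_PATCH, DISK_BYTES, FN_ADDR, MOD_BASE, MOD_SIZE)]);
    return 0;
}
```

A jump that leaves the module is not proof of tampering by itself, since security products and compatibility shims patch entry points the same way; the decoded target tells you which module to look at next.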
|
|
| |
|
|
|
| It can be done much more simply still... |
|
|
| |
|
|
|
| You did speak of DLL injection; that exploits the fact that calls to Kernel32 are included in any case. I suppose. |
|
|
| |
|
|