DLL injection question

Started by kodekrazy, November 19, 2005, 02:23:53 AM

kodekrazy

I have a question. I have been able to achieve DLL process injection. I want to know if it is possible for an exe to inject a process without using a DLL. If there is a tutorial on the subject or something, a link would be nice.

thank you in advance

zooba


Mincho Georgiev


sluggy

Quote from: kodekrazy on November 19, 2005, 02:23:53 AM
I want to know if it is possible for an exe to inject a process without using a DLL.

Why? What exactly are you trying to achieve? What are you trying to do to the process?

MusicalMike

By dll injection, do you mean writing executable code directly into a dll?

If so, there are only two possible applications for this. One, self modifying code, and two, virus authoring. Which one are you doing?

MR_RAEP

Quote
By dll injection, do you mean writing executable code directly into a dll?

If so, there are only two possible applications for this. One, self modifying code, and two, virus authoring. Which one are you doing?

I have seen you say this a few times while reading the posts. I'm sure there are other reasons for injecting code into other processes. Debugging and malware protection/analysis come to mind.
I have created anti-spyware software, not prime time, that suspends new executable launches and notifies the user of a newly created executable starting. If the user allows the exec to continue, I inject a dll to patch API's to see what the new exe is doing, and if it tries to do something bad, it can be stopped. Isn't this a valid reason for injecting code?



sluggy

Quote from: MR_RAEP on November 21, 2005, 10:24:39 AM
I have seen you say this a few times while reading the posts. I'm sure there are other reasons for injecting code into other processes. Debugging and malware protection/analysis come to mind.

Debugging is not a valid reason for code injection - just use a debugger, there are plenty of free ones around. Malware protection is also not totally valid - there are few reasons why you need to inject code to protect from, or to control, running malware. I have done a lot of malware cleaning, and seen a lot of nasty malware - and in my not so humble opinion, if you need code injection to shut down malware, then it is a piece of malware that is too complex to be shut down safely with software - you need a human to do it. For instance, I do not want software attempting to remove a rootkit from my machine - I would manually remove it after using diagnostic tools to determine what it was. Rather like Mark Russinovich demonstrated with the Sony rootkit. In fact that is a good example - at no point did he need to inject code into any of the modules comprising the rootkit.


Quote
If the user allows the exec to continue, I inject a dll to patch API's to see what the new exe is doing, and if it tries to do something bad, it can be stopped. Isn't this a valid reason for injecting code?

In this case, arguably yes. But the whole point of this was that we were asking kodekrazy to explain himself. And he couldn't. The forum has various rules and policies that are not negotiable. Assisting brand new and unproven members with advanced techniques like code injection is frowned upon. We prefer to know that our members are responsible and capable before giving help with advanced topics.





hutch--

It needs to be understood that the forum has a set of rules that will be enforced and repeatedly questioning about risky techniques is a surefire way to break them. We leave enough room for people who have good technical reasons to ask questions but unless we are satisfied, the topic will be closed just like this one is. This is finally an assembler language forum, not a venue for illegal practices and borderline technology and this will not change.

For the members who have raised these issues, please remain within the forum guidelines if you wish to ask questions in here otherwise we will be forced to remove members who keep offending.