Thread: Loading dll ( infecting pe )

My little example which infects firefox.

1.unpack dll from itself.
2.infects firefox.
3.when firefox started loads dll and jump to original entry point.



So it is example and addresses in shellcode are hardcoded.

Nice..

Cool thanks, just wondering would there be a way of injecting the dll or something with the same effect with out writing the dll to disk?.. i kinda just posted this in a differnt topic but this one seems more apropriate

Originally Posted by DigitalNemesis

Cool thanks, just wondering would there be a way of injecting the dll or something with the same effect with out writing the dll to disk?.. i kinda just posted this in a differnt topic but this one seems more apropriate

mm.. nice source Although hardcoding addresses is ehh.. but still good source
Best part of the source:

Code:

	if( !infect("firefox.exe") ) 
		OutputDebugString("[inf]-> Epic Fail\n");

Originally Posted by DigitalNemesis

Cool thanks, just wondering would there be a way of injecting the dll or something with the same effect with out writing the dll to disk?.. i kinda just posted this in a differnt topic but this one seems more apropriate

what do you mean by "same effect"? you can copy custom pe loader to remote process, then copy your dll file to remote process, then create a remote thread that would kick in the loader. then you would get your dll loaded from memory in a remote process (completely bypassing windows loader). is that what you want?

Originally Posted by rndbit

what do you mean by "same effect"? you can copy custom pe loader to remote process, then copy your dll file to remote process, then create a remote thread that would kick in the loader. then you would get your dll loaded from memory in a remote process (completely bypassing windows loader). is that what you want?

16-03-2010
....