[Repost] Perfect DLL Hijacking
Posted on: 2023-10-27 01:31 5560


Perfect DLL Hijacking

DLL Hijacking is a technique that enables third-party code to be injected into a legitimate process (EXE) by fooling it into loading the wrong library (DLL). The most common way this happens is by placing your lookalike DLL higher up in the search order than the intended DLL, thereby getting your DLL selected first by the Windows library loader.

While mostly being a decisive technique, DLL hijacking has always had one huge disadvantage in the way that it executes our third-party code once loaded into the process. It's known as Loader Lock, and when our third-party code is run, it's subject to all its strict limitations. These include creating processes, doing network I/O, calling registry functions, creating graphical windows, loading additional libraries, and much more. Trying to do any of these things under Loader Lock will likely crash or hang the application.

Until now, only satisfactory (but needing something more), soon-to-break, or sometimes a tad over-engineered solutions for this problem have existed. So today, we're doing 100% original research reverse engineering the Windows library loader to not just cleanly work around Loader Lock but, in the end, disable it outright. Plus, coming up with some stable mitigation & detection mechanisms defenders can use to help guard against DLL hijacking.

https://elliotonsecurity.com/perfect-dll-hijacking/


Latest replies (2)
mark
2023-10-29 22:36
Is this a DLL hijacking tool?
2024-6-8 19:41