[Repost] Perfect DLL Hijacking
Posted: 2023-10-27 01:31

Perfect DLL Hijacking

DLL Hijacking is a technique that enables third-party code to be injected into a legitimate process (EXE) by fooling it into loading the wrong library (DLL). The most common way this happens is by placing your lookalike DLL higher up in the search order than the intended DLL, thereby getting your DLL selected first by the Windows library loader.

While mostly being a decisive technique, DLL hijacking has always had one huge disadvantage in the way that it executes our third-party code once loaded into the process. It's known as Loader Lock, and when our third-party code is run, it's subject to all its strict limitations. These include creating processes, doing network I/O, calling registry functions, creating graphical windows, loading additional libraries, and much more. Trying to do any of these things under Loader Lock will likely crash or hang the application.

Until now, only satisfactory (but needing something more), soon-to-break, or sometimes a tad over-engineered solutions for this problem have existed. So today, we're doing 100% original research reverse engineering the Windows library loader to not just cleanly work around Loader Lock but, in the end, disable it outright. Plus, coming up with some stable mitigation & detection mechanisms defenders can use to help guard against DLL hijacking.

https://elliotonsecurity.com/perfect-dll-hijacking/
Latest replies (2)
mark
2023-10-29 22:36
Is this a DLL hijacking tool?
2024-6-8 19:41