windows - Hiding the process name to avoid DLL injection. How feasible is it? -

-

the idea quite simple, i.e try not follow standard. example inject thing firefox, malware need know name of process 'firefox.exe' or inject thing in internet explorer, malware need know process 'iexplorer.exe'. if firefox or internet explorer not follow convention hard. idea put logic change name of process. real 'firefox.exe' replaced our 'firefox.exe' file. duplicate file startup , real firefox executable renamed `random string.exe'. when system triggers 'firefox.exe', open our 'firefox.exe' executable. executable in-turn open real firefox exectable 'random string.exe' , set dummy process information using 'setprocessinformation' api. using 'setprocessinformation' set false location of executable malware not able find real process based on location.

can body suggest how feasible (provided setprocessinformation can set false process location)?

its not worth trouble.

an attacker needs handle process, , if rename exe make tiny bit more difficult, not much. example monitoring processes open firefox history database or process dns lookup firefox update server enough that. or md5 summing exes , having set of known binary images.

basically if have code can inject dlls or code foreign processes have lost control of system.


Comments

Post a Comment

Popular posts from this blog

jQuery Mobile app not scrolling in Firefox -

-
i have mobile app built in jquery mobile. scrolling fine in chrome & safari, fails scroll in firefox on desktop. have other instances of same app, different features, , works across browsers. life of me, cannot figure this, please help! located here: http://re-brand.us/dsus/index.html seems bug in firefox: bug log . able scroll using keyboard not trackpad on mac. are using mac? i'll keep looking see if can find way around it.
Read more

c++ - How to add Crypto++ library to Qt project -

-
Image
i downloaded crypto++ source , compiled cryptlib project in visual studio 2013, , added generated .lib file qt project, made .pro file this: qt += core gui qt += sql greaterthan(qt_major_version, 4):qt += widgets target = untitled template = app sources += main.cpp\ mainwindow.cpp headers += mainwindow.h \ databasecontrol.h \ test.h forms += mainwindow.ui win32:config(release, debug|release): libs += -l$$pwd/ -lcryptlib else:win32:config(debug, debug|release): libs += -l$$pwd/ -lcryptlibd else:unix: libs += -l$$pwd/ -lcryptlib includepath += $$pwd/ dependpath += $$pwd/ win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/libcryptlib.a else:win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/libcryptlibd.a else:win32:!win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/cryptlib.lib else:win32:!win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/cryptlibd.lib else:unix: pre_targetdeps += $$pw
Read more

php array slice every 2th rule -

-
i have array on php outputs in txt file: printing grid -- 1 values -- undef = -9.99e+08 20.2 \nprinting grid -- 1 values -- undef = -9.99e+08 102.0 \nprinting grid -- 1 values -- undef = -9.99e+08 55.1 \nprinting grid -- 1 values -- undef = -9.99e+08 -18.3 \n what point, need nummeric values @ beginning of each rule. 20.2, 102.0, 55.1, -18,3 etc... example, there can more or less in txt file. now do? have tested array slice function can't exclude rule: printing grid -- 1 values -- undef = -9.99e+08 this array slice code... $arraygood = array_slice($arraybad, 1, 4); and foreach loop create text file: $file = fopen("array.txt","w"); foreach ($arraygood $meting => $waarde) { echo fwrite($file,$waarde . '\n'); } fclose($file); thanks! as posted in comments, understanding have array of strings similar following: $lines = array( "printing grid -- 1 values -- undef = -9.99e+08", "20.2 \nprinting grid --
Read more