Search found 3 matches

by j4ck
Wed Mar 06, 2019 4:17 am
Forum: User-Mode Development
Topic: Reflective DLL works with virtualalloc'd memory, but not hollowed dll memory
Replies: 0
Views: 208

Reflective DLL works with virtualalloc'd memory, but not hollowed dll memory

I am implementing DLL hollowing code by modifying Stephen Fewer's reflective DLL injection. First, it loads a system library using LoadLibraryA. Then it sets RWX permissions and overwrites that DLL with the new DLL payload. Originally, it uses VirtualAlloc to allocate memory to write the DLL payloa...

by j4ck
Wed Dec 19, 2018 4:12 am
Forum: User-Mode Development
Topic: Avoid undocumented API calls (RtlImageNtHeader)?
Replies: 2
Views: 1456

Re: Avoid undocumented API calls (RtlImageNtHeader)?

Ah, I see. That's a much better way. Thanks.

by j4ck
Wed Dec 19, 2018 3:17 am
Forum: User-Mode Development
Topic: Avoid undocumented API calls (RtlImageNtHeader)?
Replies: 2
Views: 1456

Avoid undocumented API calls (RtlImageNtHeader)?

I am developing code to hook a function in a remote process and I need to search for an unexported function. To get the search space, I need to get the size of the module. The usual way I've seen people do this is by RtlImageNtHeader. But I'm thinking, why not just use the documented function GetMod...