A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #23625  by Raheel
 Sun Aug 17, 2014 1:53 am
I have made a rootkit that works fine. I just want the functionality to get this running automatically after system startup. I have configured my driver to auto-load, but if my user-land application is set to the start-up folder, then it is easy to catch it. Also, if I add it to the autorun registry, it is also possible for the user to detect it easily. So my question is: is there any way to put running code in the driver to load it?
In simple words, how to use a driver to run a process?
 #23626  by EP_X0FF
 Sun Aug 17, 2014 5:01 am
APC inject dll in existing process and start it from there using dll routine.
 #23627  by Raheel
 Sun Aug 17, 2014 6:54 am
If you don't mind, can you give me any link where I can study all this in order to do so? Thanks for the help.