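Does memory injection always have to call LoadLibrary?
I have looked at a lot of memory injection [module-less] examples online, and the shellcode always calls LoadLibrary. Is it possible to do remote memory injection without calling LoadLibrary?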
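Remote thread injection works because the parameter of LoadLibrary happens to match the parameter of the function pointer that CreateRemoteThread requires; it is this coincidence that gave rise to the remote thread injection method. If the OP wants to learn about more injection techniques, search the forum for the featured posts matching the keyword "injection".

Sorry, I misread. The OP is asking about shellcode always calling LoadLibrary. That is because shellcode usually needs GetProcAddress to obtain API addresses, and one of its parameters is a module handle, so LoadLibrary is used to get the module handle. Of course, the way the LoadLibrary and GetProcAddress APIs themselves are obtained is also rather special. Thanks for the reminder, I nearly misled the OP.

Looks like you don't know about the almighty GitHub.
Take a look at these:
https://github.com/ExpLife/awesome-windows-kernel-security-development
https://github.com/papadp/reflective-injection-detection(InjectFromMemory)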
https://github.com/psmitty7373/eif(InjectFromMemory)
https://github.com/rokups/ReflectiveLdr(InjectFromMemory)
https://github.com/BenjaminSoelberg/ReflectivePELoader(InjectFromMemory)
https://github.com/NtRaiseHardError/Phage(InjectFromMemory)
https://github.com/dismantl/ImprovedReflectiveDLLInjection(InjectFromMemory)
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher(InjectFromMemory)
https://github.com/amishsecurity/paythepony(InjectFromMemory)
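
Added example, not part of any post in this thread: code that is mapped into a process without LoadLibrary never shows up in the loader's module list, which is what detection tooling keys on. The sketch below applies that heuristic to constructed region and module records (assumed to have been collected already, for example with VirtualQueryEx and a module enumeration); the names `Region`, `has_pe_header` and `find_unbacked_code` are hypothetical.

```python
from dataclasses import dataclass

# Values from the Windows SDK (winnt.h).
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000
PAGE_READWRITE = 0x04
EXEC_PROTECT = {0x10, 0x20, 0x40, 0x80}  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY

@dataclass
class Region:
    base: int
    size: int
    mem_type: int   # MEMORY_BASIC_INFORMATION.Type
    protect: int    # MEMORY_BASIC_INFORMATION.Protect
    head: bytes     # first bytes read from the region

def has_pe_header(head: bytes) -> bool:
    """True if the buffer starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(head[0x3C:0x40], "little")
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_unbacked_code(regions, modules):
    """Flag executable regions that no entry of the module list (base, size) accounts for."""
    findings = []
    for r in regions:
        if (r.protect & 0xFF) not in EXEC_PROTECT:
            continue  # not executable, out of scope for this check
        backed = any(b <= r.base < b + s for b, s in modules)
        if r.mem_type == MEM_IMAGE and backed:
            continue  # ordinary module loaded through the loader
        reason = ("PE image outside the module list" if has_pe_header(r.head)
                  else "executable memory outside the module list")
        findings.append((r.base, reason))
    return findings

def fake_pe_head() -> bytes:
    """Constructed 256-byte buffer with a minimal MZ/PE signature pair."""
    h = bytearray(0x100)
    h[:2] = b"MZ"
    h[0x3C:0x40] = (0x80).to_bytes(4, "little")
    h[0x80:0x84] = b"PE\0\0"
    return bytes(h)

# Constructed sample data: one loaded module and four memory regions.
MODULES = [(0x7FF600000000, 0x20000)]
REGIONS = [
    Region(0x7FF600001000, 0x8000, MEM_IMAGE, 0x20, b"\x48\x89\x5c\x24"),  # module .text
    Region(0x150000, 0x10000, MEM_PRIVATE, PAGE_READWRITE, b"\0" * 16),    # heap, not executable
    Region(0x1F0000, 0x30000, MEM_PRIVATE, 0x40, fake_pe_head()),          # manually mapped image
    Region(0x2A0000, 0x1000, MEM_PRIVATE, 0x20, b"\x90" * 16),             # headerless code
]
```

JIT engines such as .NET and browser script runtimes also allocate private executable memory, so a finding from this heuristic is a lead to triage, not a verdict.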
Read carefully, study well.

I need to learn.

I'm new here, replying in earnest.