Touch bypass --- Remotely obtaining a process's control data

xiaoxiao 2021-03-06

Keywords: remote injection

CONTENTS:

1. Foreword: what you should know
2. A simple example
   2.1 Overall structure and idea
   2.2 Putting the theory into practice
3. Making the function richer
4. How to prevent data from being obtained?
5. Reference documentation

There is always a preface before the beginning, so treat this as the preface. Our target platform is Win2000 and upward; to be safe we will not promise compatibility beyond that (nobody knows whether Microsoft will add another safety measure in the future, just as it added the raw socket restriction in XP SP2), so let's list them: Win2000, WinXP, Win2003 ... What you should understand first is the difference between the Win2000¹ kernel and the Win98² kernel (and related systems).

Understand the difference like this: Win98 is communism, what is yours is mine and what is mine is yours. Win2000 is capitalism, and the private property of every citizen (every ordinary process) is sacred. So under Win98, if I want to look at someone else's property it is legal, because it is also mine -___- whereas under 2000 the same behaviour has become "stealing". Fine, since we have decided to be a thief, do we use a trick, put on a disguise, or walk right in? There are too many ways. Remote injection is the one we will talk about here; for the other methods, such as remote DLL loading, API redirection and global hooks, see elsewhere. The advantage of remote injection is that it is simple: no need to write a new DLL and no need to dig into the API. We only need a single magic weapon: CreateRemoteThread, which creates a thread inside a remote process <== you can think of it as the remote injection function.

Sorry, I got carried away. After listening to me ramble on like this you are probably getting annoyed. In one sentence, everything you must know comes down to two points:

1. On Win2000, to obtain data from a remote process you must first disguise yourself as part of that process. (Someone will say that hook technology does not need a disguise. Please note that most hooks need a DLL, and that DLL is loaded into every process and becomes part of it; that is how the hook works. I said "most"; the "small part" that does not need a DLL are the hooks based at the driver layer, such as keyboard hooks.)

2. Remote injection: this method does its disguising through CreateRemoteThread.

¹ Win2000: where stated, refers to the series of systems based on Windows 2000, such as Windows 2000, Windows XP and Windows 2003.

² Win98: where stated, refers to the Windows 98, Windows 95 and similar series of kernels.

To be continued ...

Please credit the original source when reposting: https://www.9cbs.com/read-98797.html
