Home page logo
/

dailydave logo Dailydave mailing list archives

Reflective DLL Injection
From: Stephen Fewer <stephen_fewer () harmonysecurity com>
Date: Fri, 31 Oct 2008 17:58:02 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, Just released a short paper on Reflective DLL Injection.

Abstract: Reflective DLL injection is a library injection technique in
which the concept of reflective programming is employed to perform the
loading of a library from memory into a host process. As such the
library is responsible for loading itself by implementing a minimal
Portable Executable (PE) loader.

You can download the paper here:
http://www.harmonysecurity.com/files/HS-P005_ReflectiveDllInjection.pdf

And the PoC code here:
http://www.harmonysecurity.com/files/ReflectiveDllInjection_v1.0.zip

Support for Reflective DLL Injection has been added to Metasploit in the
form of a payload stage and a modified VNC DLL (both are currently in
the development tree).

Cheers

Stephen Fewer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkkLRyoACgkQQIrmi1YdFr4jOgCfRcZn+XKIS36fzTOPhIcAfiQj
e0IAoLmUxJqKZaUiticQ5nSCVFABeNjc
=yQXH
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
  • Reflective DLL Injection Stephen Fewer (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]