Full Disclosure
mailing list archives
Re: DLL hijacking POC (failed, see for yourself)
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Tue, 14 Sep 2010 23:15:57 +0200
Christian Sciberras wrote:

> I wrote my own example POC.

and failed to use it right!

[...]

> DHPOC\example\the-install-folder\
> DHPOC\example\the-install-folder\dhpocApp.exe
> DHPOC\example\the-install-folder\dhpocDll.dll
> DHPOC\example\the-remote-folder
> DHPOC\example\the-remote-folder\example.dhpoc
> DHPOC\example\the-remote-folder\dhpocDll.dll
> While testing this, I noticed that the dll hijack exploit completely
> failed my tests (on Windows 7 64bit).

No, you failed the test!

The "application directory" is ALWAYS the first one where both implicit
(referenced in the binary) as well as explicit (via LoadLibrary())
loading will search.

Next time, do your homework first!

Stefan
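
The search order discussed in this message, as an added example that is not part of the original post or of either author's POC: a small Python model of the standard Windows DLL search order, run against the folder layout quoted above, to audit which copy of dhpocDll.dll a load would resolve to. Assumptions: the system directories are simulated by an empty folder, KnownDLLs, redirection and SetDllDirectory are not modelled, and the layout without a DLL in the install folder is a constructed variant.

```python
import os
import tempfile

def search_order(app_dir, cwd, system_dirs, path_dirs=(), safe_mode=True):
    """Directories in the order the standard Windows DLL search visits them."""
    order = [app_dir]                  # application directory is always first
    if not safe_mode:
        order.append(cwd)              # SafeDllSearchMode off: current directory second
    order.extend(system_dirs)          # system, 16-bit system, Windows directories
    if safe_mode:
        order.append(cwd)              # SafeDllSearchMode on: current directory after them
    order.extend(path_dirs)            # PATH entries come last
    return order

def resolve(dll, **dirs):
    """Return the first existing candidate, as the loader would pick it."""
    for d in search_order(**dirs):
        candidate = os.path.join(d, dll)
        if os.path.isfile(candidate):
            return candidate
    return None

def build_layout(root, dll_in_install=True):
    """Recreate the folder layout quoted in the post (empty placeholder files)."""
    install = os.path.join(root, "the-install-folder")
    remote = os.path.join(root, "the-remote-folder")
    system = os.path.join(root, "simulated-system32")  # assumption: stand-in without the DLL
    files = [(install, "dhpocApp.exe"), (remote, "example.dhpoc"), (remote, "dhpocDll.dll")]
    if dll_in_install:
        files.append((install, "dhpocDll.dll"))
    for d in (install, remote, system):
        os.makedirs(d, exist_ok=True)
    for d, name in files:
        open(os.path.join(d, name), "wb").close()
    return install, remote, system

def winner(dll_in_install, safe_mode):
    """Folder whose dhpocDll.dll would be loaded when cwd is the-remote-folder."""
    with tempfile.TemporaryDirectory() as root:
        install, remote, system = build_layout(root, dll_in_install)
        hit = resolve("dhpocDll.dll", app_dir=install, cwd=remote,
                      system_dirs=[system], safe_mode=safe_mode)
        return os.path.basename(os.path.dirname(hit)) if hit else None

if __name__ == "__main__":
    for in_install in (True, False):   # False is the constructed variant, not from the post
        for safe in (True, False):
            print(in_install, safe, winner(in_install, safe))
```

With the quoted layout the copy in the-install-folder is selected under both SafeDllSearchMode settings, which is why the copy next to example.dhpoc is never reached.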