recentpopularlog in

whip_lash : dll   3

DLL Hijacking | Liberty
Using Procmon, open targeted PE and identify DLLs attempting to load from a writable path.
Using Ghidra identify valid entry points of said DLL.
Create DLL with a valid entry point(s) function. Within the function will be your payload.
Rename compiled DLL respectively, and place in writable directory.
Execute the PE and watch the show.
dll  dllhijack  reverse-engineering  reverseengineering 
march 2019 by whip_lash
Everything You Never Wanted To Know About DLLs
I’ve recently had cause to investigate how dynamic linking is implemented on Windows. This post is basically a brain dump of everything I’ve learnt on the issue. This is mostly for my future reference, but I hope it will be useful to others too as I’m going to bring together lots of information you would otherwise have to hunt around for.
windows  dll 
april 2018 by whip_lash

Copy this bookmark:

to read