ModuleOverride - Part 2
Welcome back! This is the continuation of my blog on the ModuleOverride injection technique. In the first part I focused a lot on the theoretical concepts of ModuleOverride, talking about why and where I looked for an existing buffer inside a running process and how to retrieve a handle to that memory region by parsing the PE. Let’s continue where we left off! In that first blog, I identified a potential buffer in the exported...
ModuleOverride
When I write my injectors, one of the details I’m interested in is the manipulation of the target process memory. I have already had fun looking for existing buffers in memory that allow me to store my shellcodes without dealing with the allocation of new ones. I discussed in this blog how I used the PE EntryPoint of a Windows process (and the memory pointed to by it) to store and execute payloads. I decided to...