Great as usual :), I created a similar injector but in C#. The important thing here is that you need to create two versions of the injector: an x64 one to inject into x64 processes, and an x86 one to inject into x86 processes.
@nikos4677
3 months ago
Dude, you explained some things I didn't know and it really helped, thanks. Most YouTubers ignore some important details and it's annoying.
@crr0ww
A year ago
I learned a lot from this! Thank you, you're a legend :)
@faanross
2 months ago
Ain't he just?
@apaatutu9709
A year ago
Thanks a lot, great help to me.
@kaolungservice
A year ago
Thanks for sharing, good man.
@itf_ph3r0x41
A year ago
Hey Pavel, great video to show some basics, that's often underrated. If you wouldn't mind, could you help me out with a little problem that I am facing right now? I want to get a better understanding of the entire usermode concept in Windows; I also bought the Windows Internals books and partially read them. So my problem is that I want to perform accurate handle enumeration. There is a usermode process that is creating a lot of short-lived handles to scan memory regions of my process, but I can't find these handles by using NtQuerySystemInformation with the SystemHandleInformation class. On the other hand, I know that the other process is also doing a usermode handle enumeration to detect any opened handles to the process. So my question is, are there other ways to enumerate handles of a process in usermode? NtQuerySystemInformation gives us a list of all system handles, and each scan takes multiple seconds to traverse through, which could be a reason why short-lived handles are not found... I really don't want to inject into the other process though and hook stuff; the goal was to perform a good handle enumeration externally. I hope you can give me a hint maybe :) But for now - Thanks for everything, I'm a huge fan!
@zodiacon
A year ago
NtQuerySystemInformation is the way to go. There is no better way from user mode. Short-lived handles are just that - enumeration has nothing to do with that. It captures what exists at enumeration time. With a kernel driver, you could intercept opening handles to processes, for example.
@itf_ph3r0x41
A year ago
@zodiacon Alright, so I guess that detecting short-lived handles from usermode is a thing of time luck then. Would multithreaded scanning increase the probability of detecting these handles?
@zodiacon
A year ago
Not really, there is internal locking happening anyway.
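The snapshot approach zodiacon describes in this exchange, as an added example (not the video's code and not from github.com/zodiacon/youtubecode): a C# program that pulls the SystemHandleInformation table, then duplicates each foreign handle into this process to see which other processes hold a process handle to it at snapshot time. It assumes an x64 build on x64 Windows (the bitness point from the first comment applies here too) and the classic class-16 layout, whose PID and handle fields are 16-bit, so on a machine with PIDs above 65535 the SystemExtendedHandleInformation class would be needed instead.

```csharp
using System;
using System.Runtime.InteropServices;

static class HandleSnapshot
{
    const int SystemHandleInformation = 16;   // classic class: 16-bit PIDs and handle values
    const uint STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;
    const uint PROCESS_DUP_HANDLE = 0x0040, PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    // One SYSTEM_HANDLE_TABLE_ENTRY_INFO; the pointer field gives it native alignment (24 bytes on x64).
    [StructLayout(LayoutKind.Sequential)]
    struct Entry { public ushort Pid, BackTrace; public byte TypeIndex, Attrs; public ushort Value; public IntPtr Object; public uint Access; }
    [DllImport("ntdll.dll")] static extern uint NtQuerySystemInformation(int cls, IntPtr buf, int len, out int needed);
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool DuplicateHandle(IntPtr srcProc, IntPtr src,
        IntPtr dstProc, out IntPtr dst, uint access, bool inherit, uint options);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern uint GetProcessId(IntPtr process);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    // Counts (and prints) the handles other processes hold to this process at snapshot time.
    static int ReportHandlesToSelf()
    {
        uint me = GetProcessId(GetCurrentProcess());
        int len = 1 << 20, needed, found = 0;
        IntPtr buf = Marshal.AllocHGlobal(len);
        // The required size is only known after a failed call, so grow the buffer until it fits.
        while (NtQuerySystemInformation(SystemHandleInformation, buf, len, out needed) == STATUS_INFO_LENGTH_MISMATCH)
        { Marshal.FreeHGlobal(buf); len = Math.Max(needed, len * 2); buf = Marshal.AllocHGlobal(len); }
        int count = Marshal.ReadInt32(buf), size = Marshal.SizeOf<Entry>();
        for (int i = 0; i < count; i++)
        {
            // Buffer layout: ULONG NumberOfHandles, padded to pointer alignment, then the entry array.
            var e = Marshal.PtrToStructure<Entry>(IntPtr.Add(buf, IntPtr.Size + i * size));
            // Skip our own handles, and the synchronous-pipe access mask known to block DuplicateHandle.
            if (e.Pid == me || e.Access == 0x0012019F) continue;
            IntPtr owner = OpenProcess(PROCESS_DUP_HANDLE, false, e.Pid);
            if (owner == IntPtr.Zero) continue;   // protected process, or it exited since the snapshot
            if (DuplicateHandle(owner, (IntPtr)e.Value, GetCurrentProcess(), out IntPtr dup,
                                PROCESS_QUERY_LIMITED_INFORMATION, false, 0))
            {
                // GetProcessId fails (returns 0) on anything that is not a process handle.
                if (GetProcessId(dup) == me) { found++; Console.WriteLine($"PID {e.Pid} holds 0x{e.Value:X} to us, access 0x{e.Access:X8}"); }
                CloseHandle(dup);
            }
            CloseHandle(owner);
        }
        Marshal.FreeHGlobal(buf);
        return found;
    }
    static void Main() => Console.WriteLine($"{ReportHandlesToSelf()} foreign handle(s) to this process");
}
```

A handle closed between the NtQuerySystemInformation call and the DuplicateHandle call simply fails to duplicate, which is the snapshot limitation zodiacon points out.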
@logicchild
A year ago
Could you please create a tutorial for a mini driver to inject this dll into any user-mode process when it starts 🙏
@zodiacon
A year ago
There are such examples on Github... for now, I'll stick with simpler things :)
@marq4375
A year ago
Hey Pavel, big fan! I have some of your books and also your Pentester Academy Windows series. Glad to see you on KZitem. If you make a Patreon I'd be interested in donating! Thanks again, you're a master at this!
@zodiacon
A year ago
Happy to receive support! patreon.com/zodiacon
@batphamduong9700
2 months ago
Hi Pavel, thanks for the tutorials... But all your tutorials inject into an already running process. How about creating a new process and injecting into it? My current problem is creating a new process (e.g. Notepad) and injecting into it... but sometimes it works, sometimes it doesn't. I don't know why... I just assume the DLL is injected when the Notepad process is not fully loaded.
@zodiacon
2 months ago
Usually injecting into a new process is much easier, because you have an all powerful handle to it (no need to call OpenProcess which may fail). If you create the process suspended and try to inject to it, it is likely to fail, because the process only has NtDll loaded into it.
@batphamduong9700
2 months ago
@zodiacon So what is the solution?
@zodiacon
2 months ago
There is no "one, single" solution... do some research, try things out...
@fee171
A year ago
Hey bro, if I subscribe to Patreon, can you compile an injector for me?
@zodiacon
A year ago
No... that's not the purpose of this channel. I'm sure you can find plenty elsewhere.
@zodiacon
A year ago
The source code is provided at github.com/zodiacon/youtubecode
Comments: 23