Kas Ob.

Registered since: 3 Sep 2023
353 posts
 
#17

Re: Custom debugger - breakpoints

22 Jun 2024, 16:58
@dummzeuch, that is a really nice project!
I am not familiar with it, but it looks right.

@himitsu, well, I haven't downloaded the project yet, but I would suggest a new and novel approach for patching a process's memory. I will test it myself, but I can't find the time yet.
See, it is almost 6 PM, and a blackout is planned for 3 or 6 hours for my city, so no more Internet or PC for me today.

My suggestion is to read and try this brilliant attack/approach instead of ReadProcessMemory/WriteProcessMemory:
https://dtsec.us/2023-04-24-Sleep/
https://www.ired.team/offensive-secu...code-injection

I believe you can easily use NtCreateSection + NtMapViewOfSection for this, without the injection of course. They might yield way less overhead by simply patching the shared section, hence they might be faster than WriteProcessMemory, yet this needs to be proved.
Kas