 |
 |
 |
 |
 |
|
Offene Frage von "himitsu"|
Registriert seit: 3. Sep 2023 412 Beiträge |
#12
AW: eigener Debugger - Haltepunkte
22. Jun 2024, 15:58
@dummzeuch, that is really nice project !
I am not familiar with it, but it looks right. @himitsu, Well i didn't download the project yet, but i would suggest a new and novel approach for patching a process memory, myself will test it, yet can't find the time. See, it is almost 6 PM, and a blackout is planned for 3 or 6 hours for my city, so no more Internet or PC for me today. My suggestion is read and try this brilliant attack/approach instead of ReadProcessMemory/WriteProcessMemory  https://dtsec.us/2023-04-24-Sleep/https://www.ired.team/offensive-secu...code-injectionI believe you can easily use NtCreateSection + NtMapViewOfSection this without the injection of course, they might yield way less overhead by simply patch the shared section, hence they might be faster than WriteProcessMemory, yet this need to be proved.
Kas
|
Zitat
|
ForumregelnEs ist dir nicht erlaubt, neue Themen zu verfassen.
Es ist dir nicht erlaubt, auf Beiträge zu antworten.
Es ist dir nicht erlaubt, Anhänge hochzuladen.
Es ist dir nicht erlaubt, deine Beiträge zu bearbeiten.
BB-Code ist an.
Smileys sind an.
[IMG] Code ist an.
HTML-Code ist aus. Trackbacks are an
Pingbacks are an
Refbacks are aus
|
|
Baum-Darstellung
