malicious process PowerPoint Presentation
PowerPoint Slideshow about 'malicious process' - quynh


Presentation Transcript
slide1

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

myInjectDll()

{

}

malicious process

Internet Explorer process

slide2

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

myInjectDll()

{

h=OpenProcess(,,proc_id)

}

malicious process

Internet Explorer process

slide3

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

myInjectDll()

{

h=OpenProcess(,,proc_id)

addr = VirtualAllocEx(h,, size,,,)

}

malicious process

Internet Explorer process

slide4

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

0x4000

myInjectDll()

{

h=OpenProcess(,,proc_id)

addr = VirtualAllocEx(h,, size,,,)

}

malicious process

Internet Explorer process

slide5

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

0x4000

myInjectDll()

{

h=OpenProcess(,,proc_id)

addr = VirtualAllocEx(h,, size,,,)

WriteProcessMem(h,addr,buf,size,…)

}

malicious process

Internet Explorer process

slide6

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

0x4000

myInjectDll()

{

h=OpenProcess(,,proc_id)

addr = VirtualAllocEx(h,, size,,,)

WriteProcessMem(h,addr,buf,size,…)

}

“evil.dll”

malicious process

Internet Explorer process

slide7

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

0x4000

myInjectDll()

{

h=OpenProcess(,,proc_id)

addr = VirtualAllocEx(h,, size,,,)

WriteProcessMem(h,addr,buf,size,…)

CreateRemoteThread(h,,,start,param,…)

}

“evil.dll”

malicious process

Internet Explorer process

slide8

kernel32.dll

LoadLibrary(filename)

LoadLibrary(filename)

0x4000

myInjectDll()

{

h=OpenProcess(,,proc_id)

addr = VirtualAllocEx(h,, size,,,)

WriteProcessMem(h,addr,buf,size,…)

CreateRemoteThread(h,,,start,param,…)

}

“evil.dll”

LoadLibrary(“evil.dll”)

malicious process

Internet Explorer process
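
From the defender's side, the end state in slide8 is observable: a thread created in another process whose start address is LoadLibrary in kernel32.dll. The following is an added example, not part of the original slides, that checks Sysmon Event ID 8 (CreateRemoteThread) records for that pattern; the sample events, the function names and the allowlist parameter are constructed for illustration, and the second rule (start address outside any loaded module) goes beyond the case the slides show.

```python
import ntpath

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records; all values are sample data.
SAMPLE_EVENTS = [
    {"SourceProcessId": 4120, "SourceImage": r"C:\Users\test\AppData\Local\Temp\loader.exe",
     "TargetImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL", "StartFunction": "LoadLibraryA"},
    {"SourceProcessId": 612, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\KERNELBASE.dll", "StartFunction": "CtrlRoutine"},
    {"SourceProcessId": 5304, "SourceImage": r"C:\Users\test\Downloads\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "StartModule": "-", "StartFunction": "-"},
]

LOADLIB = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

def classify(event, allowlist=frozenset()):
    """Return a finding string for one Event ID 8 record, or None if it looks benign."""
    # allowlist (hypothetical parameter): lower-cased source image paths known to inject legitimately
    if event.get("SourceImage", "").lower() in allowlist:
        return None
    raw_module = event.get("StartModule") or "-"   # Sysmon writes "-" when unresolved
    module = "" if raw_module == "-" else ntpath.basename(raw_module).lower()
    func = (event.get("StartFunction") or "").lower()
    # Rule 1: the slides' pattern, thread entry point is LoadLibrary itself
    if module in LOADER_MODULES and func in LOADLIB:
        return "remote thread starts at LoadLibrary (DLL injection pattern)"
    # Rule 2 (generalization): entry point lies in memory with no backing module
    if not module:
        return "remote thread start address is not backed by a module"
    return None

def scan(events, allowlist=frozenset()):
    """Return (source pid, target image, reason) for every flagged event."""
    findings = []
    for ev in events:
        reason = classify(ev, allowlist)
        if reason:
            findings.append((ev["SourceProcessId"], ev["TargetImage"], reason))
    return findings

if __name__ == "__main__":
    for pid, target, reason in scan(SAMPLE_EVENTS):
        print(f"pid {pid} -> {target}: {reason}")
```

Sysmon does not record the thread parameter, so the DLL path written into the target (the "evil.dll" string at 0x4000 in the slides) has to be recovered from a following image-load event rather than from Event ID 8 itself.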