Learning Malware Analysis

by Monnappa K A
June 2018
Content level: Beginner
510 pages
13h 7m
English
Packt Publishing
Content preview from Learning Malware Analysis

3.1 Remote DLL Injection

In this technique, the target (remote) process is forced to load a malicious DLL into its process memory space via the LoadLibrary() API. kernel32.dll exports LoadLibrary(); this function takes a single argument, the path to the DLL on disk, and loads that DLL into the address space of the calling process. In this injection technique, the malware process creates a thread in the target process, and the thread is made to call LoadLibrary() with a malicious DLL path as the argument. Since the thread gets created in the target process, the target process loads the malicious DLL into its address space. Once the target process loads the malicious DLL, the operating system automatically calls the ...
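Seen from the defender's side, the thread creation described above is what Sysmon records as Event ID 8 (CreateRemoteThread), with the thread's start address resolved into the StartModule and StartFunction fields. The following is an added example, not code from the book: it flags events whose remote thread starts at LoadLibraryA/LoadLibraryW in kernel32.dll. The sample events, their paths and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOADLIBRARY = {"loadlibrarya", "loadlibraryw"}  # exports behind the LoadLibrary() macro

def make_event(event_id, src, tgt, module, func):
    """Build a constructed event in Sysmon's XML layout (hypothetical helper)."""
    data = {"SourceImage": src, "TargetImage": tgt,
            "StartModule": module, "StartFunction": func}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{fields}</EventData></Event>')

# Constructed sample events, not captured from a real host.
SAMPLES = [
    make_event(8, r"C:\Users\lab\AppData\Local\Temp\sample.exe",
               r"C:\Windows\explorer.exe",
               r"C:\Windows\System32\kernel32.dll", "LoadLibraryA"),
    make_event(8, r"C:\Windows\System32\csrss.exe",
               r"C:\Windows\System32\svchost.exe",
               r"C:\Windows\System32\kernelbase.dll", "CtrlRoutine"),
    make_event(8, r"C:\Tools\dbg.exe", r"C:\Windows\notepad.exe", "-", "-"),
    make_event(10, r"C:\Tools\dbg.exe", r"C:\Windows\notepad.exe",
               r"C:\Windows\System32\kernel32.dll", "LoadLibraryW"),
]

def parse(xml_text):
    """Return the EventData fields of a CreateRemoteThread event, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "8":
        return None
    return {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}

def starts_at_loadlibrary(ev):
    """True when the remote thread's entry point is LoadLibrary in kernel32.dll."""
    module = ev.get("StartModule", "").replace("/", "\\").rsplit("\\", 1)[-1]
    return (module.lower() == "kernel32.dll"
            and ev.get("StartFunction", "").lower() in LOADLIBRARY)

def detect(events_xml):
    """Return (source, target, start function) for each suspicious event."""
    hits = []
    for xml_text in events_xml:
        ev = parse(xml_text)
        if ev and starts_at_loadlibrary(ev):
            hits.append((ev.get("SourceImage"), ev.get("TargetImage"),
                         ev["StartFunction"]))
    return hits
```

Only the first sample is reported: the second and third are remote threads that start elsewhere, and the fourth is not a CreateRemoteThread event.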


Publisher Resources

ISBN: 9781788392501