Stealth way to load a library?
by red_dot - Monday January 22, 2024 at 07:16 PM
#1
Yo, I'm wondering how I can make loading DLLs more stealthy. As LdrLoadDll isn't a syscall, it's not that easy.

I see two possibilities:
Call Stack Spoofing
Make my retarded loader work with every native PE file, cuz at the moment it's kind of a lottery and some binaries/libraries don't load properly -_-.

What are your thoughts? Maybe I'm missing other possibilities?
#2
Manual mapping.
#3
Depends on what you are injecting the DLL into.
#4
(Jan 24, 2024, 09:30 PM)Throne Wrote: Manual mapping.

Isn't it resolving relocations, resolving the IAT, building exports, executing TLS and executing the entry point? I have a basic loader that does that, but I can't load, for example, nss3.dll. I tried a basic DLL that I made and it worked, and I'm not sure if nss3 is somehow secured or my loader cannot load more complex DLLs.

(Jan 24, 2024, 11:26 PM)ricky_bobby Wrote: Depends on what you are injecting the DLL into.

I want to inject/load a DLL into the current process to use its functions as I would use LoadLibrary and GetProcAddress. But I don't want to use these WinAPI functions, for obvious reasons.
#5
(Jan 25, 2024, 05:07 PM)red_dot Wrote: my loader cannot load more complex DLLs.

Yes, you're right. You need to debug nss3.dll and find out why you can't load it. Maybe it tried to get a handle to nss3.dll (it can't because of manual mapping). You need to hook specific Windows API functions to fix this.
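Seen from the defender's side, the gap discussed in posts #4 and #5 is observable: a manually mapped module is typically executable memory that is not a file-backed image and has no entry in the loader's module list, which is why a handle lookup for it fails. The following is an added example, not code from the thread, that checks a constructed memory snapshot for that mismatch; `Region`, `find_unbacked_code`, `sample_pe_head` and all addresses are hypothetical.

```python
import struct
from dataclasses import dataclass
# Memory type and protection constants from winnt.h
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY

@dataclass
class Region:
    """One VirtualQueryEx-style record from a memory snapshot."""
    base: int
    size: int
    mem_type: int
    protect: int
    head: bytes = b""  # first bytes of the region, when readable

def has_pe_header(head: bytes) -> bool:
    """True if head starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_unbacked_code(regions, loader_modules):
    """Return (base, reason, pe_header_seen) for executable memory the loader cannot account for."""
    findings = []
    for r in regions:
        if not r.protect & EXEC_MASK:
            continue
        listed = any(b <= r.base < b + s for b, s, _name in loader_modules)
        if r.mem_type == MEM_IMAGE and listed:
            continue  # normal case: file-backed image registered with the loader
        reason = "image not in loader list" if r.mem_type == MEM_IMAGE else "executable non-image memory"
        findings.append((r.base, reason, has_pe_header(r.head)))
    return findings

def sample_pe_head() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x40, then the PE signature."""
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"

# Constructed snapshot: two loader-registered images, two private executable regions, one heap page.
LOADER_MODULES = [(0x7FF600000000, 0x20000, "app.exe"), (0x7FFA10000000, 0x1F0000, "ntdll.dll")]
REGIONS = [
    Region(0x7FF600001000, 0x8000, MEM_IMAGE, 0x20),
    Region(0x7FFA10001000, 0x100000, MEM_IMAGE, 0x20),
    Region(0x1F000000000, 0x6000, MEM_PRIVATE, 0x40, sample_pe_head()),  # RWX, headers intact
    Region(0x1F100001000, 0x5000, MEM_PRIVATE, 0x20),                    # RX, no header at start
    Region(0x20000000000, 0x3000, MEM_PRIVATE, 0x04),                    # RW heap, ignored
]
```

JIT compilers also allocate executable private memory, so findings from a check like this need triage; the `pe_header_seen` flag only raises priority and its absence does not clear a region.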
#6
(Jan 25, 2024, 06:07 PM)Throne Wrote:
(Jan 25, 2024, 05:07 PM)red_dot Wrote: my loader cannot load more complex DLLs.

Yes, you're right. You need to debug nss3.dll and find out why you can't load it. Maybe it tried to get a handle to nss3.dll (it can't because of manual mapping). You need to hook specific Windows API functions to fix this.

That's a really good idea with hooking API functions. I'll debug it and see where exactly it crashes. Thanks!
#7
(Jan 25, 2024, 08:06 PM)red_dot Wrote:
(Jan 25, 2024, 06:07 PM)Throne Wrote:
(Jan 25, 2024, 05:07 PM)red_dot Wrote: my loader cannot load more complex DLLs.

Yes, you're right. You need to debug nss3.dll and find out why you can't load it. Maybe it tried to get a handle to nss3.dll (it can't because of manual mapping). You need to hook specific Windows API functions to fix this.

That's a really good idea with hooking API functions. I'll debug it and see where exactly it crashes. Thanks!

Ever get around to this?