Location:
Search - 内存直接加载DLL
Search list
Description: 演示从从内存直接加载DLL
Platform: |
Size: 191418 |
Author: adongtan@tom.com |
Hits:
Description: 在内存中直接加载DLL调用,使用汇编编写,非常有用-MemLoadLibrary
Platform: |
Size: 3072 |
Author: 天心 |
Hits:
Description: 不使用LoadLibrary加载DLL,此方法可以加密DLL,运行动态解密,然后直接在内存中加载,或把DLL当资源放在EXE中,运行只在内存中解开,不需要外带d-Do not use LoadLibrary load the DLL, this method can be encrypted DLL, run the dynamic decryption, and then directly loaded in memory, or the DLL when resources are placed in EXE, run only in memory, unlock, requires no external dll
Platform: |
Size: 11264 |
Author: 王高全 |
Hits:
Description: exe 直接 注入EXE
内存直接加载exe数据,DLL数据等等
任意注入
Platform: |
Size: 3725312 |
Author: 黄将 |
Hits:
Description: 本PDF用于教授如何不适用DLL文件而在内存中直接加载DLL数据进行调用,用于避开某些XX的检测。-The PDF used to teach how to NA DLL files and DLL is loaded in memory data directly call for avoiding certain XX detection.
Platform: |
Size: 153600 |
Author: DouMen |
Hits:
Description: 内存加载Dll,直接将Dll数据加载到内存中执行,很方便-Memory load Dll, Dll directly load data into memory for execution, it is convenient
Platform: |
Size: 36864 |
Author: 朱郑 |
Hits:
Description: 直接在内存中加载Dll,调用Dll中的方法,跳过Loadlibrary方法。需在了解PE文件格式的基础上,读源码,用于免杀等安全相关软件。-Directly loaded in memory Dll, Dll method calls, skip Loadlibrary methods. Need to understand the PE file format, based on reading the source code for free to kill other security-related software.
Platform: |
Size: 295936 |
Author: lyz |
Hits:
Description: 这是一个从内存(资源形式)直接加载并调用DLL中函数的例子。
xDll工程只是一个测试用的dll,附上代码,编译出的xDll.dll直接放在testLoadDll工程目录下
testLoadDll是实际测试代码,从资源直接加载Dll并调用其导出函数
加载用MemoryLoadLibrary()
查找导出函数用MemoryGetProcAddress()
释放时用MemoryFreeLibrary
详情请见代码。-This is an example of a loaded directly memory (resources in the form) and call the DLL function.
xDll just a test project with the dll, attach code, compile the xDll.dll directly on testLoadDll project directory
testLoadDll is the actual test code, Dll loaded directly the resource and call its export function
Loaded with MemoryLoadLibrary ()
Find the export function with MemoryGetProcAddress ()
When released by MemoryFreeLibrary
For details, see the code.
Platform: |
Size: 89088 |
Author: kikaylee |
Hits:
Description: mem_loaddll
直接在内存中加载dll , 自己用PE实现 LoadLibrary-mem_loaddll load dll directly in memory, they used to achieve PE LoadLibrary
Platform: |
Size: 8192 |
Author: 注册会员 |
Hits:
Description: 在内存中直接加载DLL调用,使用汇编编写,非常有用-MemLoadLibrary
Platform: |
Size: 3072 |
Author: xff2220huangu4 |
Hits:
Description: 不创建进程,直接可以在内存加载pe文件,不使用Loadlibrary,直接在内存中展开加载(Do not create a process, you can directly load PE files in memory, do not use Loadlibrary, directly in memory expansion load)
Platform: |
Size: 10240 |
Author: 嗷叫
|
Hits:
Description: c++ 内存加载Dll
特点如下:
直接在内存中载入,无磁盘占用
支持加壳保护的dll , 平时用的最多的vmp ,其它壳子还请自己测试
无模块载入, 因为重写了loadlibary ,如需要请自己注册
支持注入到目标进程,前提请先使用相应权限打开目标
对原代码的修改如下:
使用内联汇编将原 c/c++的库调用 代替, 使得 注入代码可行
支持直接使用资源加载和注入
支持加载exe ,请自行 hook 某些函数 ,确保exe 正确运行
加入inline 注入方式
代码少量加花, 确保编译器最大优化无误
注入的示例代码(The characteristics are as follows:
Directly loaded in memory, diskless occupancy
Support shell protection DLL, usually the most used VMP, please own other shell test
No module loading, because loadlibary is rewritten, if necessary, please register yourself.
Support injection into the target process. First, use the corresponding permission to open the target.
The modifications to the original code are as follows:
The intranet assembly is used to replace the library call of the original c/c++, so that the injected code is feasible.
Support direct use of resource loading and injection
Support loading exe, please hook some functions to ensure that exe is running correctly.
Adding inline injection
Small amount of code is added to ensure maximum error of compiler.
Sample code injected)
Platform: |
Size: 8192 |
Author: 轩轩轩 |
Hits: