tag:blogger.com,1999:blog-3959530707308851520.post6577952635806268897..comments2024-03-28T17:30:08.448+05:30Comments on 3S Labs Blog | High Quality Information Security Services: Remote DLL LoaderUnknownnoreply@blogger.comBlogger6125tag:blogger.com,1999:blog-3959530707308851520.post-46168627153040109782016-05-31T13:48:26.244+05:302016-05-31T13:48:26.244+05:30thank you, but my friend suggested me to replace m...thank you, but my friend suggested me to replace my file with <a href="http://fix4dll.com/msvcp120_dll" rel="nofollow">http://fix4dll.com/msvcp120_dll</a> this one?is it okay?Bob Marlesnoreply@blogger.comtag:blogger.com,1999:blog-3959530707308851520.post-64484845301758547682012-08-23T23:35:07.284+05:302012-08-23T23:35:07.284+05:30Gotcha!Thanks..:]Gotcha!Thanks..:]Debasish Mandalhttps://www.blogger.com/profile/04265583818630661310noreply@blogger.comtag:blogger.com,1999:blog-3959530707308851520.post-34337340375720381852012-08-23T23:12:43.168+05:302012-08-23T23:12:43.168+05:30I don't think that is going to work in an ASLR...I don't think that is going to work in an ASLR environment where Kernel32 base is also randomized. The address of LoadLibraryA resolved in your python process might not be same for the remote process hence CreateRemoteThread might attempt to execute invalid memory. The method will work if address of LoadLibraryA in your process is same as the target process you are trying to inject.<br /><br />The whole point of writing a Loader code (asm code) in my injector is to make it work in ASLR environment as well.Abhisek Dattahttps://www.blogger.com/profile/02370754419506287052noreply@blogger.comtag:blogger.com,1999:blog-3959530707308851520.post-23525514680817565512012-08-23T22:57:39.147+05:302012-08-23T22:57:39.147+05:30Opps..Sorry 4 that.It wasn't public.It's p...Opps..Sorry 4 that.It wasn't public.It's public now!Debasish Mandalhttps://www.blogger.com/profile/04265583818630661310noreply@blogger.comtag:blogger.com,1999:blog-3959530707308851520.post-67591844934320791222012-08-23T22:49:34.016+05:302012-08-23T22:49:34.016+05:30The snipt doesn't open for me, perhaps it is n...The snipt doesn't open for me, perhaps it is not public?Abhisek Dattahttps://www.blogger.com/profile/02370754419506287052noreply@blogger.comtag:blogger.com,1999:blog-3959530707308851520.post-35312056913062643492012-08-23T22:44:13.438+05:302012-08-23T22:44:13.438+05:30Would it be same, if we load arbitrary dll in this...Would it be same, if we load arbitrary dll in this way <br />https://snipt.net/debasishm89/dll-injection-using-python-ctypes/ <br /><br />using "Win32API" lib of ruby.Debasish Mandalhttps://www.blogger.com/profile/04265583818630661310noreply@blogger.com