Preventing DLL injection?

Problems? Post here...
Post Reply
User avatar
ayu
Staff
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00
18
Contact:

Preventing DLL injection?

Post by ayu »

A common way for malware to fuck up your computer, is to inject itself into already running processes, which can make the removal pretty annoying if it injects itself in a process like winlogon, which logs you off if you shut it down.

So, how would i prevent a DLL from injecting into a process?

Process guard? would that work? =/
Last edited by ayu on 07 May 2008, 03:36, edited 1 time in total.

User avatar
Gogeta70
^_^
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00
18

Post by Gogeta70 »

No, process guard won't work. I injected a dll into another application and nothing happened with PG...
¯\_(ツ)_/¯ It works on my machine...

User avatar
ayu
Staff
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00
18
Contact:

Post by ayu »

hmm ok...

For some reason i believe that DLL injection hasn't been discovered as a real threat yet, or is simply not taken seriously enough.

Because i have been (from time to time) looking for a way to either stop it or "eject" DLL's from processes, but everything seems to fail.

I know that AVG anti virus has a "force removal" function that can remove DLL files even if they are injected, i dunno how that works though, might mail them and see if i can squeeze out some info about it.

Dunno why it should be so hard to do =/ Process explorer can remove handles (or wtf it's called) from processes, but doesn't seem to be able to remove DLL's even if you can search for them in the processes.

Microsoft also has a handle tool to remove handles from processes, this tool also seems to be ineffective against DLL's.

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

IceSword is able to unload DLLs:
http://www.antirootkit.com/software/IceSword.htm
be cautious with that tool, you can cause severe system damage with it..
:wink:

User avatar
ayu
Staff
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00
18
Contact:

Post by ayu »

omfg YAY!!!

Awesome b_b! =D thanks ^^

Image

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

np...^^

and now to something completely different:
nice kittie, Main Coone I think.... :) I would love to have a cat, thought about a Norsk Skogkatt, but I guess my Jack Russel would not really like it... :lol:

User avatar
ayu
Staff
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00
18
Contact:

Post by ayu »

off topic: Get a Bengal or Ashera :wink: expensive, but so worth it ^^
"The best place to hide a tree, is in a forest"

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:

cats and dogs

Post by DNR »

Image
Image


I do prefer dogs, but I am never really home much for that. Cats can be good 'alarm' animals, they can hear well and signal if someone is around the property just as well as a dog.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
Cuppycake
Newbie
Newbie
Posts: 3
Joined: 07 May 2008, 16:00
15
Contact:

Post by Cuppycake »

The only thing my cat signals is "food time"

Post Reply