Description: The characteristics are as follows:
Loaded directly in memory, with no footprint on disk
Supports DLLs protected by a packer (shell); VMP is usually the most used. Please test other packers yourself.
No module is loaded, because LoadLibrary is rewritten; if necessary, please register it yourself.
Supports injection into a target process. First, open the target with the corresponding permissions.
The modifications to the original code are as follows:
Inline assembly is used to replace the library calls of the original C/C++ code, so that the injected code can work.
Supports loading and injecting directly from resources
Supports loading an EXE; please hook some functions to ensure that the EXE runs correctly.
Added inline injection
Small amount of code is added to ensure maximum error of compiler.
Sample code injected
File list (Check if you may need any files):
Filename | Size | Date
---|---|---
memdll.cpp | 26401 | 2015-11-24
memdll.h | 2053 | 2015-11-23