
Showing posts with label Process. Show all posts

InjectProc - Process Injection Techniques


Process injection is a very popular method of hiding malicious code behaviour and is heavily used by malware authors.

Several techniques are commonly used: DLL injection, process replacement (a.k.a. process hollowing), hook injection and APC injection.

Most of them use the same Windows API functions: OpenProcess, VirtualAllocEx and WriteProcessMemory; see MSDN for detailed information about those functions.

DLL injection:
  • Open target process.
  • Allocate space.
  • Write code into the remote process.
  • Execute the remote code.

Process replacement:
  • Create target process and suspend it.
  • Unmap from memory.
  • Allocate space.
  • Write headers and sections into the remote process.
  • Resume remote thread.

Hook injection:
  • Find/create process.
  • Set hook.

APC injection:
  • Open process.
  • Allocate space.
  • Write code into remote threads.
  • "Execute" threads using QueueUserAPC.

Download
Windows x64 binary (x64 demo build)

Dependencies:
vc_redist.x64 - Microsoft Visual C++ Redistributable



Daphne - Tool for killing, controlling and debugging processes in Windows


Daphne is a small application for killing, controlling and debugging Windows processes. It was born to kill a Windows process and became almost a task manager replacement. You can kill a process by dragging the mouse over its windows, by right-clicking the process in the main process list, or by typing its name with the "Kill all by name" command. You can set any window to be always on top, to be transparent, to be enabled, et cetera. Although Daphne was born just to kill Windows processes, you can think of it as a task manager replacement. The main window displays a list of currently running processes with detailed information: CPU usage, process ID, process name, full path (and arguments), priority, class (process / service), current memory usage, peak memory usage, current swap usage, peak swap usage and number of threads.

You can hide applications, hack programs' GUIs, and inspect deep process information.

New in Daphne v2.02:

  • Copy process list to clipboard in CSV format
  • Explorer integration adds extras
  • Set window size using numbers (i.e. 640x648)
  • Trap window size and position
  • Schedule popup message
  • Handle min/max process working set size
  • Drag and drop to find window in process windows tree
  • Fix: Explorer integration: 'Open CMD' shows over folders and files now
  • Fix: Installer takes care of removing previous version automatically


[Process Magic v2.0] Command-line Tool to Hide Windows Application or Launch New Process in Hidden Mode


Process Magic is a command-line tool to hide any Windows application or launch a new application in hidden (invisible) mode.


In addition to hiding any Windows application, it also allows you to unhide any previously hidden application.
Note that it hides the application only by hiding its main window, so the process will still be visible in Task Manager or any other process-listing tool.

It is useful when you want to hide your application from other users to prevent it from being killed, or simply to run a process silently in the background.

Being a command-line tool, it is easy to use in automation scripts and suitable for operating on other systems remotely.

[Process Magic] Tool to Hide any Windows application in Hidden or Invisible mode


Process Magic is a command-line tool to hide any Windows application or launch a new application in hidden (invisible) mode.

In addition to hiding any Windows application, it also allows you to unhide any previously hidden application.

Note that it hides the application only by hiding its main window, so the process will still be visible in Task Manager or any other process-listing tool.

It is useful when you want to hide your application from other users to prevent it from being killed, or simply to run a process silently in the background.

Being a command-line tool, it is easy to use in automation scripts and suitable for operating on other systems remotely.

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

[Show Threads] Tool to list all the Threads in the running Process


Show Threads is a small command-line tool to list all the threads in a running process.

You can specify either the process ID or the process name to enumerate the threads. For each thread, it displays the thread ID and the base priority.

Being a command-line tool makes it easy to automate. It can be a handy tool for developers as well as researchers.


Show Threads is fully portable and can be run directly without installation. It also includes separate versions for 32-bit and 64-bit systems.

It works on all the platforms starting from Windows XP to Windows 8.

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD?

VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory, or even list and dump every virtual section present in the process.
Usage of VSD can be found here

Screenshots: VSD x86 (main window, loaded modules, handles, threads, patch) and VSD x64.

Latest changes

VSD x86

Version: 2.1 (18/11/2012)
  • Added "Ignore unnamed objects" in the window handles.
  • Added "Set Priority" feature in order to set the priority of a given process. issue 8
  • Added "Suspend process" and "Resume process" features. issue 10
  • Added "Suspend all threads before dumping". Using this option you can suspend the execution of a given process before dumping it. issue 5
  • Added updatevsd.exe. More information can be found here
Version: 2.0 (01/04/2012)
  • Added a menu bar.
  • Added a module list viewer.
  • Added Dump Full and Dump Partial over a specific module.
  • Added sorting feature in the module list viewer.
  • Added a handle list viewer.
  • Added sorting feature in the handle list viewer.
  • Added a thread list viewer.
  • Added Resume, Terminate and Suspend functions in the thread list viewer.
  • Added the "Patch" feature.
  • Bugfixes in some functions.
  • Code refactoring in some functions. The code still needs a lot of improvements :P
Version: 1.1
  • Fixed a bug in the PastePEHeader() function when calculating the offset of the original PE Header.
Version: 1.0
  • First stable release (I hope so :)

VSD x64

Version: 1.0
  • First stable release. 

Download Virtualsectiondumper

http://adf.ly/146CHL