
Preventing DLL Uninjection

I am injecting a DLL into a process with the help of a method InjectLibrary from the MadCHook library. I was able to do it successfully. But then I tried to uninject it through a completely separate C++ program using the method UninjectLibrary() and I was successful. In short, anyone who knows the name of my DLL will be able to uninject it. How can I prevent this? Thanks in advance!


The solution would be to use Manual Mapping as your DLL injection technique. In this way your DLL will be completely unknown to all the regular APIs which parse loaded DLLs. Your DLL will not be referenced in the PEB->Ldr linked list of modules, and no PE header will exist either.

In addition, just as a quick fix you could randomize the name of your DLL.

You could also hook FreeLibrary() and FreeLibraryAndExitThread(), check if they're trying to unload your DLL and just return.
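
Seen from the defender's side, code that is missing from the loader's module list still occupies committed executable memory, so it can be found by comparing the two views. The following is an added example, not part of the original post; the `region` and `module` records and all sample addresses are constructed stand-ins for `VirtualQueryEx` results and the loader's module list.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constant values as defined in the Windows SDK (winnt.h). */
#define MEM_COMMIT  0x1000u
#define MEM_PRIVATE 0x20000u
#define MEM_IMAGE   0x1000000u
#define EXEC_MASK   0xF0u /* PAGE_EXECUTE | _READ | _READWRITE | _WRITECOPY */

/* Hypothetical records: one per memory-query result, one per loader-list entry. */
struct region { uint64_t base, size; uint32_t state, protect, type; };
struct module { uint64_t base, size; const char *name; };

static int in_module_list(const struct module *m, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= m[i].base && addr - m[i].base < m[i].size) return 1;
    return 0;
}

/* Stores indices of committed executable regions that are not image-backed
 * memory of a listed module; returns the total number of such regions. */
size_t find_unlisted_exec(const struct region *r, size_t nr,
                          const struct module *m, size_t nm,
                          size_t *out, size_t cap) {
    size_t hits = 0;
    for (size_t i = 0; i < nr; i++) {
        if (r[i].state != MEM_COMMIT || !(r[i].protect & EXEC_MASK)) continue;
        if (r[i].type == MEM_IMAGE && in_module_list(m, nm, r[i].base)) continue;
        if (hits < cap) out[hits] = i;
        hits++;
    }
    return hits;
}

/* Constructed sample data, not taken from a real process. */
static const struct module SAMPLE_MODULES[] = {
    {0x7ff600000000ull, 0x20000, "app.exe"},
    {0x7ffa10000000ull, 0x1f0000, "ntdll.dll"},
};
static const struct region SAMPLE_REGIONS[] = {
    {0x7ff600001000ull, 0x8000, MEM_COMMIT, 0x20, MEM_IMAGE},        /* app.exe code */
    {0x7ffa10001000ull, 0x110000, MEM_COMMIT, 0x20, MEM_IMAGE},      /* ntdll code */
    {0x000001a000000000ull, 0x10000, MEM_COMMIT, 0x04, MEM_PRIVATE}, /* heap, RW */
    {0x000001b000000000ull, 0x6000, MEM_COMMIT, 0x40, MEM_PRIVATE},  /* RWX, unlisted */
};

int main(void) {
    size_t idx[4];
    size_t n = find_unlisted_exec(SAMPLE_REGIONS, 4, SAMPLE_MODULES, 2, idx, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("unlisted executable region at 0x%llx\n",
               (unsigned long long)SAMPLE_REGIONS[idx[i]].base);
    return 0;
}
```

JIT compilers also allocate private executable memory, so a hit is a lead to investigate rather than a verdict.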
