We were addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.

mardi 30 décembre 2014

PE injector 'L0phtTnInject'

We are releasing our new tool L0phtTnInject , It does inject some shellcodes into a desired process .
Currently , it does only work with 32-bit executables , please don't expect it to work flawlessly on all targets. It may fail if the target is loaded with /DYNAMICBASE module or DEP is permanently active on it .
 On Windows XP it allocates enough room for the shellcode and executes it with 'CreateRemoteThread' .
Because On Windows Vista/Win7/Win8.1 the'CreateRemoteThread' does not work smoothly due to the 'thread session separation' ,so our injector creates an extra section named "L0phtTN" and loads it with a shellcode and then jumps back to the OEP .

   The injector does implement many features like :
      [+] It detects the presence of the debugger .(By checking the PEB )
      [+] The user can provide his own shellcode .
   Advice and Tips are welcome : https://github.com/dali-mrabet/L0phtTn_inject  



20 years old , computer secuirty enthusiast

0 commentaires:

Enregistrer un commentaire


Copyright @ 2013 l0pht_TN.

Designed by Templateify & Sponsored By Twigplay