2

Let's say I have to write a Windows program that will at some time create one or more new processes with the corresponding executable images. I have known a few possible ways to do this:

  • The easy way is to extract this image to disk and create a new process from there.
  • As this question and its answerer suggested (load the image to a RAM drive like tmpfs - the Windows equivalence is UPX)

My question is: Is there any other way? I'm thinking of somehow turn the exec into a DLL and load it or even trojanized some of the running processes?

Community
  • 1
  • 1
Pham Trung Nghia
  • 43
  • 1
  • 5
  • What are you trying to do? Create a virus by the sounds of it... What's wrong with the 2 ways you suggested? Are you trying to inject a dll version of the exe into another running process? – Bali C Nov 09 '12 at 09:48
  • Actually I'm researching on ways you can create a wrapper/dropper for a malware. Those 2 ways are perfectly legit, but I want to know whether there are any other ways. – Pham Trung Nghia Nov 09 '12 at 10:30
  • Ok, but be aware that SO doesn't usually take kindly to writing malware, not me personally :) so +1 from me, but just a heads up – Bali C Nov 09 '12 at 10:37
  • Thanks, this was only a research, mostly for malware analysis, not for writing one though. – Pham Trung Nghia Nov 09 '12 at 16:43
  • See http://stackoverflow.com/questions/12697292/detecting-reflective-dll-injection – Harry Johnston Nov 11 '12 at 23:22
  • Wow, thanks. I actually do know vaguely about the VirtualProtect function and how it could be used in this particular case. I'll read up on the links. – Pham Trung Nghia Nov 12 '12 at 03:39

0 Answers0