block injectors?


Nirvana22

Question

8 answers to this question

Recommended Posts


You can't really block them, there is always a way to inject.

But here is an example with Python:

import os, dbg, app  # dbg and app are the game client's own Python modules, not stdlib

my_pid = os.getpid()
# tasklist /M lists the modules loaded into a process, /FI filters on our own PID.
# cmd needs double quotes around the filter, the PID has to be converted to str before
# it can be concatenated, and lower() makes the counts below case-insensitive
# (tasklist prints e.g. KERNEL32.DLL next to ntdll.dll).
dlls = os.popen('tasklist /M /FI "PID eq ' + str(my_pid) + '"').read().lower()
# expected number of modules per extension, taken from a clean start of the client
dll = 10
asi = 10
m3d = 10
flt = 10
# any extension whose count differs from the expected one means something extra was loaded
if dlls.count('.dll') != dll or dlls.count('.asi') != asi or dlls.count('.m3d') != m3d or dlls.count('.flt') != flt:
    dbg.LogBox('Error')
    # app.Exit()

To find out how many DLLs are loaded into your binary, write in cmd:

tasklist /M /FI "PID eq your_pid_here"

and change the count; for example, if you have 15 DLLs you write dll = 15.


[quotes the answer above]

hello, is this where I add it?


What if I rename the DLL to .banana and inject that file?


P.s.:

my_pyd is wrong. You declared it as my_pid before :)


Edit:

Manual mapping or any kind of deletion from the module list will still be hidden and usable :)


Edit2:

On my Windows, the right syntax is tasklist -M -FI "PID eq Here_comes_PID"

Are you sure that your script works at all?


[quotes the reply above]

I didn't say that this protection is the best.

I did the script in 2 mins, I didn't check it for errors, so I'm sorry :)

I know that this isn't the best way, but it's something.


@Denic Cikiec your solution is easy for him, but you can use the ctypes module for this. The PID is always taken from the system, so the result may change. That means your system has little security :)


Best Regards

Ellie

Do not be sorry, be better.

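Pulling the points of this thread together, here is an added example (not code from the thread, the game client, or any of the posters) of what the check looks like when the module list is read with ctypes, as Ellie suggests, and compared by module name against an allowlist instead of counting file extensions, which is why renaming the DLL to .banana no longer helps. The allowlist, the sample module list and every path and module name in it are constructed for illustration, and the game client's dbg/app calls are left out so the logic runs anywhere. The VIP's caveat stands: a manually mapped DLL, or one unlinked from the loader's module list, never shows up in this enumeration, so it only catches LoadLibrary-style injectors.

```python
"""Module allowlist check. Added example, not code from the thread or the game client.

Enumerates the modules loaded into the current process with the Toolhelp32 API via
ctypes (Windows only) and compares their file names, not their extensions, against a
list of modules the client is known to load. Allowlist and sample list are constructed.
"""
import ctypes
import ntpath
import os
import sys

# Constructed allowlist of expected module names (lower-cased base names). In practice
# you would record this from a clean start of the client binary.
EXPECTED_MODULES = frozenset((
    "metin2client.exe", "ntdll.dll", "kernel32.dll", "kernelbase.dll",
    "user32.dll", "python27.dll", "granny2.dll", "d3d9.dll",
))


def unexpected_modules(loaded_paths, expected=EXPECTED_MODULES):
    """Return the sorted lower-cased base names in loaded_paths that are not expected.

    Matching is by name, so casing (KERNEL32.DLL vs kernel32.dll) and directory do not
    matter and the extension is irrelevant: hack.banana is flagged because its name is
    not on the list, not because of what it ends with.
    """
    names = {ntpath.basename(p).lower() for p in loaded_paths}
    return sorted(names - set(expected))


def enumerate_modules_win32(pid=None):
    """Return the full paths of all modules loaded in pid (default: own process).

    CreateToolhelp32Snapshot(TH32CS_SNAPMODULE) + Module32FirstW/NextW walk the loader's
    module list, so a manually mapped DLL or one unlinked from the PEB lists (the caveat
    raised in the thread) is simply absent from the result.
    """
    if sys.platform != "win32":
        raise OSError("Toolhelp32 module enumeration is Windows-only")
    from ctypes import wintypes

    TH32CS_SNAPMODULE = 0x00000008
    TH32CS_SNAPMODULE32 = 0x00000010
    INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value

    class MODULEENTRY32W(ctypes.Structure):
        _fields_ = [
            ("dwSize", wintypes.DWORD),
            ("th32ModuleID", wintypes.DWORD),
            ("th32ProcessID", wintypes.DWORD),
            ("GlblcntUsage", wintypes.DWORD),
            ("ProccntUsage", wintypes.DWORD),
            ("modBaseAddr", ctypes.POINTER(ctypes.c_byte)),
            ("modBaseSize", wintypes.DWORD),
            ("hModule", wintypes.HMODULE),
            ("szModule", wintypes.WCHAR * 256),  # MAX_MODULE_NAME32 + 1
            ("szExePath", wintypes.WCHAR * wintypes.MAX_PATH),
        ]

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateToolhelp32Snapshot.restype = wintypes.HANDLE
    k32.CreateToolhelp32Snapshot.argtypes = [wintypes.DWORD, wintypes.DWORD]
    for fn in (k32.Module32FirstW, k32.Module32NextW):
        fn.restype = wintypes.BOOL
        fn.argtypes = [wintypes.HANDLE, ctypes.POINTER(MODULEENTRY32W)]
    k32.CloseHandle.argtypes = [wintypes.HANDLE]

    snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,
                                        os.getpid() if pid is None else pid)
    if snap in (None, INVALID_HANDLE_VALUE):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        entry = MODULEENTRY32W()
        entry.dwSize = ctypes.sizeof(MODULEENTRY32W)  # required before Module32FirstW
        paths = []
        ok = k32.Module32FirstW(snap, ctypes.byref(entry))
        while ok:
            paths.append(entry.szExePath)
            ok = k32.Module32NextW(snap, ctypes.byref(entry))
        return paths
    finally:
        k32.CloseHandle(snap)


# Constructed sample of what the enumeration returns on a client with two injected
# modules, one of them renamed to .banana as in the thread.
SAMPLE_MODULE_LIST = [
    r"C:\Games\Metin2\metin2client.exe",
    r"C:\Windows\SYSTEM32\ntdll.dll",
    r"C:\Windows\System32\KERNEL32.DLL",
    r"C:\Windows\System32\KERNELBASE.dll",
    r"C:\Windows\System32\user32.dll",
    r"C:\Games\Metin2\python27.dll",
    r"C:\Games\Metin2\granny2.dll",
    r"C:\Windows\System32\d3d9.dll",
    r"C:\Users\Player\Desktop\hack.dll",
    r"C:\Users\Player\Desktop\hack.banana",
]

if __name__ == "__main__":
    loaded = enumerate_modules_win32() if sys.platform == "win32" else SAMPLE_MODULE_LIST
    extra = unexpected_modules(loaded)
    if extra:
        # the game client would call dbg.LogBox(...) / app.Exit() at this point
        print("unexpected modules:", extra)
```

On the sample list the check reports hack.banana and hack.dll; on Windows it runs against the real module list of the current process. Keep in mind that comparing by name is still only a hurdle: an injector can name its DLL after a module the client loads from another directory, and anything that never enters the loader's module list is invisible to this and to any tasklist-based check.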