Detecting DLL Injection Threads Via Hooking LdrInitializeThunk.

etwhook/DlliDetect

DlliDetect


Technical Overview

Most DLL injectors end up creating a thread in the target process with CreateRemoteThread, which bottoms out in NtCreateThreadEx. Every new user-mode thread begins execution at ntdll!LdrInitializeThunk: the kernel hands it a CONTEXT holding the thread's initial register state before a single instruction of the thread's own code has run. By hooking LdrInitializeThunk we can inspect that CONTEXT, recover the thread start address and its parameter, and decide whether to let the thread continue. On x64 the CONTEXT's Rip is RtlUserThreadStart, while the real start routine and its argument are in Rcx and Rdx; on x86 they are in Eax and Ebx. A start routine that is LoadLibrary/LdrLoadDll itself, or that is not backed by any loaded image, is the classic injector signature.

Caveats: the hook lives in the monitored process's own ntdll, so it only sees threads started in that process, and an injector that never creates a new thread (QueueUserAPC, SetThreadContext hijacking) or that restores the original LdrInitializeThunk bytes before injecting is not caught. The hook also runs before the thread's loader initialization (LdrpInitialize, so no TLS or DLL_THREAD_ATTACH yet), so the hook body must stay minimal and LdrInitializeThunk never returns: it ends in NtContinue on the CONTEXT it was given.
