You are here : Home » Learning security » Operating Systems » Windows » Code injection series » Bypass start address protection

Bypass start address protection

Code injection series part 2

D 5 September 2019     H 20:33     A Emeric Nasi     C 0 messages


agrandir


Prerequisites: This document requires some knowledge about Windows system programming. Also, it is mandatory to be familiar with concepts presented in Code injection series part 1.
License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.
Creative Commons License

I Introduction

Over the year several mechanisms were developed by vendors to prevent code injection. A common mechanism is to detect invalid start address of the injected thread. Here, as an example we are going to see how to bypass Firefox protections and Get-InjectedThread detection mechanism.

If you wish to read more about this, the document can be downloaded in a PDF format

PDF - 494.2 kb

Also in this section

1 September – Process PE Injection Basics

Any message or comments?
pre-moderation

This forum is moderated before publication: your contribution will only appear after being validated by an administrator.

Who are you?
Your post