Posts

Showing posts with the label windows

DLL Injection using CreateRemoteThread in Windows 10

DLL Injection using CreateRemoteThread

One of the methods of DLL injection is to create a remote thread in the target process and have it load the desired DLL. This is one of the simplest and most widely used methods.

You can create a thread in another process using the CreateRemoteThread API. If you look up CreateRemoteThread on MSDN, you will see the following in the Remarks section: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread (CreateRemoteThread function (processthreadsapi.h) - Win32 apps: "Creates a thread that runs in the virtual address space of another process.")

"Terminal Services isolates each terminal session by design. Therefore, CreateRemoteThread fails if the target process is in a different session than the calling process."

In other words, if the target process is running in a different session from the calling process, the call will fail, because the session is specified and executed

Using Overlapped I / O in DeviceIoControl

Using Overlapped I/O in DeviceIoControl

To monitor frequent events in a kernel driver one by one from user mode, various methods can be used, such as synchronizing with events or continuously receiving events through polling.

Scenario in question

Imagine that you keep receiving events with relatively simple polling. The kernel driver queues each event that occurs, and the user-mode application issues an IOCTL to retrieve the contents of the queue. With this kind of logic, the user-mode application runs a while loop like the one below and keeps communicating with the driver by calling DeviceIoControl.

    while (true) {
        BOOL ret = DeviceIoControl(hDevice, IOCTL_RECV, &data, sizeof(DATA), 0, 0, &dwReturn, NULL);
        if (ret) {
            // handle the received event..
        }
    }

DeviceIoControl blocking occurs

In the logic above, DeviceIoControl blocks until an event occurs in the kernel driver. DeviceIoControl blocking occurs in the user m

Enabling Com Port on Hyper-V 2nd Generation VM / Windbg

To test the UEFI boot environment, I created a second generation virtual machine in Hyper-V, and I had to configure a COM port to attach the kernel debugger. However, the COM port device was not visible in the 2nd generation Hyper-V VM.

Invisible COM port device

On a Hyper-V 2nd generation VM, a pipe must be assigned to the COM port before it appears in the device list.

1. Shut down the VM. First, shut down the VM before working.

2. Run PowerShell as administrator. Detailed configuration of a Hyper-V VM can be done through PowerShell commands. Run PowerShell with administrator privileges.

3. set-vmcomport. Run the following command to activate the COM port.

    set-vmcomport -vmname [VM name] -number [COM port number] [pipe name]

To check which pipe is assigned to the COM port, execute the following command.

    get-vmcomport -vmname [VM name]

The following is an example of command execution. https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmcomport?view=win10-ps

What is a driver?

driver

The driver is ... Long ago, when you bought a new device for your computer, you needed something extra to use it. In the box of the new device you purchased, the manual and warranty card were enclosed, and a floppy disk or CD-ROM was included. You could use the device by inserting the floppy disk or CD into the computer and installing something. That something is the device driver program. Device drivers make particular devices available to your computer.

When you hear the word driver, the first thing that comes to mind is not a program. A screwdriver, the tool that turns screws, comes to mind first. It is a computer term that is not translated into Korean, and that is where the confusion starts. You can read books and go to MSDN to learn the concept, but the word itself does not sink in. Fortunately, however, our friends in the north translated it into Korean and use "device driver" or "device driver program". Their interpretation is probably spot on! It is an interpretation that makes y