Compressing the to inject dll
Hello
Does anyone know what would happen if I compress the to-inject DLL with tools like UPX or ASPack?
It might result in problems. I'd strongly recommend not doing that. See hooking rule 2:
http://help.madshi.net/HookingRules.htm
When UPXing the hook dll, it will have to be uncompressed again and again in every single running process on the OS. That can't be good for performance. Also doing unUPXing in memory in system processes doesn't seem like a good idea to me.
2. Only do what is absolutely necessary.
Hook dlls should try to be as invisible as possible. So they should avoid to do any unnecessary work like uncompressing themselves.
Well, I have a piece of software (it's a program by a Korean AV maker) on my PC that uses madCodeHook; its hooker dll is compressed, and it also has some anti-disassembly tricks in it... and it hooks system-wide! Pretty nasty, but it is working. So, I believe there won't be much of a problem compressing the hooking dll...
I think I should avoid pointing it out explicitly, because Madshi might get upset. But if you are interested, search for "HackShield", and you will get there soon. This product uses madCodeHook. It also uses many kinds of nasty rootkit techniques such as service table hooking, page fault handler hooking, and memory cloaking stuff; it does a complete takeover of the user PC in order to achieve its goal... Really barbaric!!
uall wrote: @linden: link to the Korean AV maker?
Well, then, this is it!
http://info.ahnlab.com/english/product/01_1_15.html