
Deep Diving Process Injection

Whenever I wanted to look into Process Injection, I was always greeted with code, but not with an explanation of how it actually works. So, when I was given the opportunity to spend a few days looking at Process Injection from the theoretical side, I did exactly that.

In Part 1, I condensed as much of the theory as I could into something digestible, because I didn't want to rewrite Windows Internals. With that done, I wanted to go a bit further into modern-day injection. The key differences there are user-land WinAPI hooking and how to inject code into a remote process in a somewhat secure way. This can be read in Part 2. It's quite a simplistic approach, but it is something I would have wanted to read a year or two ago when I started this adventure.

  1. Process Injection Part 1: The Theory
  2. Process Injection Part 2: Modern Process Injection