1 00:00:00,090 --> 00:00:06,090 So in this one, we'll be seeing how to inject the shellcode into a remote process using these three 2 00:00:06,090 --> 00:00:06,750 functions. 3 00:00:07,260 --> 00:00:09,410 So the first one is VirtualAllocEx. 4 00:00:09,450 --> 00:00:13,870 So we'll be creating a memory region in the remote process using this function. 5 00:00:14,790 --> 00:00:19,500 And the second one is WriteProcessMemory: we'll be writing our shellcode into the process memory. 6 00:00:19,800 --> 00:00:25,920 And the next one is CreateRemoteThread: we will be creating a remote thread to execute that code. 7 00:00:27,910 --> 00:00:34,510 So let's see this function. It looks similar to VirtualAlloc, but we'll just pass the 8 00:00:34,510 --> 00:00:43,240 handle to the process to create the memory region in the virtual address space of 9 00:00:43,240 --> 00:00:44,170 that process. 10 00:00:48,880 --> 00:00:52,390 So I have already defined OpenProcess. 11 00:00:52,810 --> 00:00:54,700 So let's go and create this one. 12 00:01:06,620 --> 00:01:12,860 And the return type is the pointer to that memory, an IntPtr. 13 00:01:23,030 --> 00:01:26,150 And the first parameter is the process handle. 14 00:01:27,800 --> 00:01:29,840 And the second one is the address, lpAddress, 15 00:01:31,630 --> 00:01:34,540 where we want the region to be allocated. 16 00:01:34,540 --> 00:01:42,600 That is also an IntPtr. And then the size, dwSize, which should be an integer, and the allocation type. 17 00:01:42,970 --> 00:01:44,500 This is similar to VirtualAlloc. 18 00:01:44,890 --> 00:01:48,280 So we'll be using MEM_COMMIT and MEM_RESERVE for this. 19 00:01:49,760 --> 00:01:52,670 So that is also a uint, as we did before. 20 00:01:54,530 --> 00:02:00,630 And the protection that is going to be applied to the region. 21 00:02:02,520 --> 00:02:07,830 So we'll be writing and then executing, so we can specify PAGE_EXECUTE_READWRITE here. 22 00:02:15,340 --> 00:02:18,010 So this function has been defined.
23 00:02:18,040 --> 00:02:21,100 Now let's go and define the WriteProcessMemory function. 24 00:02:21,550 --> 00:02:25,330 This writes data to an area of memory in the specified process. 25 00:02:27,010 --> 00:02:36,460 So what you can see here is that some permissions are mandatory to run the WriteProcessMemory operation: 26 00:02:39,310 --> 00:02:47,030 to write to this region, you need to have PROCESS_VM_WRITE 27 00:02:47,050 --> 00:02:52,780 and PROCESS_VM_OPERATION access on the process handle. And for the remote thread in that process, 28 00:02:52,780 --> 00:02:58,450 we need to have PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION and PROCESS_VM_OPERATION. 29 00:02:59,470 --> 00:03:03,820 So these are the constants; you can see the constant values here. 30 00:03:03,990 --> 00:03:10,960 You can see PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_VM_READ. 31 00:03:10,960 --> 00:03:15,880 So I have already copied them into these variables, as you can see here. 32 00:03:28,290 --> 00:03:32,820 So the return type is a boolean. 33 00:03:35,030 --> 00:03:37,520 So let's see each and every parameter. 34 00:03:37,790 --> 00:03:38,990 The first one is the process handle. 35 00:03:38,990 --> 00:03:41,450 So which process 36 00:03:41,450 --> 00:03:48,260 we want to write the memory into is specified by this process handle. 37 00:03:48,920 --> 00:03:57,050 And the second one is the base address within the virtual address space of that process, that is the 38 00:03:57,050 --> 00:04:03,320 pointer which you'll be getting from VirtualAllocEx. 39 00:04:11,420 --> 00:04:12,900 And the third is lpBuffer. 40 00:04:13,040 --> 00:04:20,900 So this is what you actually want to write into that region, so we can declare this as a byte array. 41 00:04:23,510 --> 00:04:29,990 And then nSize: how many bytes of the buffer's contents you want to write. 42 00:04:32,360 --> 00:04:35,300 And lpNumberOfBytesWritten, the number of bytes written.
43 00:04:35,600 --> 00:04:44,150 So this variable tells us how many bytes were written into this memory region from the buffer. 44 00:04:44,750 --> 00:04:48,770 So we can say ref int numberOfBytesWritten. 45 00:04:49,280 --> 00:04:53,960 So this function has been completed, and the last function is CreateRemoteThread. 46 00:04:54,320 --> 00:05:04,010 So we'll be creating a remote thread in this process, and that will execute our shellcode. 47 00:05:17,050 --> 00:05:22,750 So the return type is the thread handle, which is an IntPtr. 48 00:05:25,600 --> 00:05:29,950 And let's see the first parameter; that is actually the handle to the process. 49 00:05:36,730 --> 00:05:40,140 And this one is the thread attributes. 50 00:05:40,150 --> 00:05:42,580 So we can set this to null. 51 00:05:42,940 --> 00:05:45,430 This determines whether the handle can be inherited by child processes. 52 00:05:51,350 --> 00:05:57,260 And the stack size: you can see that if you specify zero, the thread uses the 53 00:05:57,270 --> 00:06:05,630 default stack size for the executable, so we can specify zero here. And the start address, the starting address: 54 00:06:05,870 --> 00:06:12,560 you can just pass the pointer which you got from VirtualAllocEx. 55 00:06:12,920 --> 00:06:19,740 Actually, this pointer is pointing to a function of the type LPTHREAD_START_ROUTINE. 56 00:06:20,480 --> 00:06:29,780 So if you search for this, here you can see we have a ThreadProc function in our application, and 57 00:06:29,780 --> 00:06:35,120 it should accept one parameter, and the thread will start at this function. 58 00:06:35,600 --> 00:06:42,830 So the thread needs a pointer to the function, so that the thread goes and executes that function. 59 00:06:45,030 --> 00:06:53,380 So we can just specify this start address here, similar to the previous material where we passed 60 00:06:53,400 --> 00:06:55,590 the delegate as a function pointer.
61 00:06:55,830 --> 00:06:58,560 So this thread automatically takes this as a function pointer. 62 00:06:58,680 --> 00:07:00,600 So we don't need to convert this into a delegate here. 63 00:07:08,530 --> 00:07:10,060 And then lpParameter. 64 00:07:10,330 --> 00:07:11,410 This is the function parameter. 65 00:07:11,800 --> 00:07:16,540 If you want to pass any parameter to the function, you can pass it here. And then the creation flags. 66 00:07:16,720 --> 00:07:20,260 So you can see the values here. 67 00:07:20,410 --> 00:07:24,490 Zero indicates that the thread runs immediately after creation. 68 00:07:26,080 --> 00:07:29,650 If you specify CREATE_SUSPENDED, you need to call ResumeThread. 69 00:07:29,920 --> 00:07:31,660 So we specify zero. 70 00:07:34,330 --> 00:07:35,760 And the last one is lpThreadId. 71 00:07:35,770 --> 00:07:40,960 This is an output, so we can declare this as out uint threadId. 72 00:08:00,810 --> 00:08:04,230 So our functions are defined successfully. 73 00:08:05,210 --> 00:08:12,120 Now you can see I have already added these constants: PROCESS_CREATE_THREAD, 74 00:08:12,300 --> 00:08:15,390 PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_VM_READ. 75 00:08:17,070 --> 00:08:19,180 So we get a pointer, 76 00:08:20,370 --> 00:08:25,320 the process handle, from the call to OpenProcess. 77 00:08:25,890 --> 00:08:28,080 And the first argument is our desired access. 78 00:08:28,230 --> 00:08:29,670 This is the desired access. 79 00:08:30,240 --> 00:08:33,960 And inherit handle is false, and then the process ID. 80 00:08:34,830 --> 00:08:40,290 So we can make this a command line argument. 81 00:08:45,320 --> 00:08:45,590 Okay. 82 00:08:45,590 --> 00:08:48,650 We need to convert this string, 83 00:08:50,870 --> 00:08:53,720 Convert.ToInt32 of the string argument. 84 00:08:57,090 --> 00:09:05,370 So we got the process handle, and now we need to allocate some memory using VirtualAllocEx. 85 00:09:10,330 --> 00:09:11,620 The first one is the 86 00:09:13,750 --> 00:09:14,170 process handle. 87 00:09:14,500 --> 00:09:16,300 And the second one is the
88 00:09:19,470 --> 00:09:21,420 address; we can specify zero. 89 00:09:21,750 --> 00:09:32,490 So this will tell the operating system to find an empty region and allocate the requested size from there. 90 00:09:33,060 --> 00:09:34,680 Then the size of 91 00:09:36,820 --> 00:09:41,210 the memory region. I have already got the shellcode here. 92 00:09:41,230 --> 00:09:48,520 You can see this is the same one from the previous lecture, the x86 calc shellcode, 93 00:09:48,520 --> 00:09:49,300 so. 94 00:09:51,390 --> 00:09:52,280 So we can say 95 00:09:55,170 --> 00:09:56,330 shellcode_size. 96 00:09:57,410 --> 00:09:59,960 So this is the size of the shellcode buffer. 97 00:10:03,710 --> 00:10:10,730 So shellcode_size is the size you want to allocate, and the allocation type is MEM_COMMIT 98 00:10:10,820 --> 00:10:11,970 and MEM_RESERVE. 99 00:10:14,780 --> 00:10:16,220 And the last one is the protection. 100 00:10:16,460 --> 00:10:20,030 That is PAGE_EXECUTE_READWRITE, and then the return value. 101 00:10:24,550 --> 00:10:26,260 So how do we get this one? 102 00:10:26,260 --> 00:10:26,650 This one. 103 00:10:30,250 --> 00:10:34,960 So the return type is the pointer to the starting address of the region. 104 00:10:34,990 --> 00:10:36,530 So it starts here. 105 00:10:37,750 --> 00:10:43,480 So now we got the pointer to the starting address of that memory region. 106 00:10:43,720 --> 00:10:45,370 We need to fill that with the shellcode. 107 00:10:46,810 --> 00:10:49,810 So we're going to call WriteProcessMemory. 108 00:10:51,670 --> 00:10:55,690 And the first one is the process handle. 109 00:10:56,080 --> 00:11:00,010 And the second one is our base address, which is the starting pointer. 110 00:11:00,070 --> 00:11:03,520 And the next one is what we want to write, that is the shellcode buffer above. 111 00:11:04,990 --> 00:11:08,230 And the size is shellcode_size. 112 00:11:09,770 --> 00:11:13,940 And the last one is the reference to this integer.
113 00:11:14,240 --> 00:11:18,560 So we can create int bytesWritten = 0. 114 00:11:18,980 --> 00:11:23,690 So we can pass this as a reference: ref bytesWritten. 115 00:11:26,080 --> 00:11:28,720 So the output is a boolean. 116 00:11:28,720 --> 00:11:30,040 We can just ignore that one. 117 00:11:31,090 --> 00:11:33,100 So we can also print out this value: 118 00:11:34,850 --> 00:11:35,830 "Bytes written:" 119 00:11:40,760 --> 00:11:41,650 bytesWritten. 120 00:11:45,510 --> 00:11:51,360 Now this will indicate whether actually any bytes were written, uh, if there are any, uh, 121 00:11:52,660 --> 00:11:53,500 that is correct. 122 00:11:54,100 --> 00:11:55,590 If not, this would indicate that. 123 00:11:57,030 --> 00:12:05,910 So we should see the bytes written as the output here. So the next function we will be using is CreateRemoteThread. 124 00:12:09,660 --> 00:12:10,860 And the first one is 125 00:12:14,270 --> 00:12:15,230 our process handle. 126 00:12:17,210 --> 00:12:21,530 And this one is null, and the stack size is zero. 127 00:12:22,820 --> 00:12:25,130 And the start address is the starting address. 128 00:12:34,120 --> 00:12:37,390 And this one, the parameter, is also zero, and then the creation flags. 129 00:12:41,740 --> 00:12:43,150 Creation flags zero. 130 00:12:44,020 --> 00:12:45,880 We want to start the thread immediately. 131 00:12:46,600 --> 00:12:47,740 And the last one is the thread ID. 132 00:12:50,330 --> 00:12:57,860 You can print out this one, so we can set out uint threadId = 133 00:12:59,910 --> 00:13:00,510 zero. 134 00:13:23,960 --> 00:13:25,840 And now. 135 00:13:30,500 --> 00:13:30,830 Sorry. 136 00:13:30,830 --> 00:13:35,930 This is not, uh, this is the thread ID. 137 00:13:44,120 --> 00:13:46,490 So here we are. 138 00:13:51,500 --> 00:13:52,780 So now we should be good 139 00:13:52,780 --> 00:13:53,130 to go. 140 00:13:54,780 --> 00:14:03,510 So we get the thread ID and the thread handle, and it's done, so we can print these out. 141 00:14:05,910 --> 00:14:05,970 Okay.
142 00:14:09,660 --> 00:14:10,980 So I think we are good to go. 143 00:14:19,430 --> 00:14:26,090 So one thing you need to know is that we need to compile this separately for x86 and for x64. 144 00:14:26,720 --> 00:14:29,630 So right click on this, Properties, and then Build. 145 00:14:30,350 --> 00:14:41,510 So you can see I have set the platform to x86, because our shellcode is x86. 146 00:14:42,110 --> 00:14:45,500 So if you want a 64-bit one, you need to compile 147 00:14:48,620 --> 00:14:52,670 like this: one for x86 and another for x64. 148 00:14:58,780 --> 00:14:59,500 Okay. 149 00:15:07,860 --> 00:15:10,530 Let's open an x86 PowerShell. 150 00:15:15,980 --> 00:15:18,530 So we have 76436. 151 00:15:19,160 --> 00:15:20,360 So let's open another one. 152 00:15:21,680 --> 00:15:24,400 And here you can see 8500. 153 00:15:24,410 --> 00:15:26,390 So we'll be trying to inject into this one, 154 00:15:27,590 --> 00:15:28,580 8500. 155 00:15:30,380 --> 00:15:32,060 And we should see that. 156 00:15:32,210 --> 00:15:34,390 We can see that the calculator has been popped. 157 00:15:38,350 --> 00:15:42,010 So you can try this yourself as well. 158 00:15:45,200 --> 00:15:48,930 And we need to make sure that our platform matches the target. 159 00:15:49,190 --> 00:15:55,660 So this is how you inject shellcode into a process using CreateRemoteThread. 160 00:15:56,130 --> 00:15:57,140 So this is: 161 00:15:58,310 --> 00:16:06,410 VirtualAllocEx to allocate the region, then writing to that region, and creating the thread with 162 00:16:06,440 --> 00:16:07,430 that region as the start address.