Windows Process Injection: Poisoned Explorer
The Explorer process uses the LoadLibraryW function to load additional libraries at runtime, so what if we overwrite the code of LoadLibraryW and redirect it to our shellcode?! Every time the Explorer process calls LoadLibraryW, our code runs without any trigger from the attacker's side. (Any other function would do, and some are called by the Explorer process even more often than LoadLibraryW; the shellcode also has to call the overwritten function's original code so that Explorer does not crash.)
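From the defender's side, the overwrite described above is visible as a changed function prologue in the target process. The following is an added example, not code from the original post: it compares the first bytes of kernel32!LoadLibraryW in a process against a trusted copy and classifies the redirect stub it finds. The sample prologue bytes and addresses are constructed, and reading another process assumes Windows and a checking process that is itself unhooked.

```python
"""Prologue-integrity check for kernel32!LoadLibraryW in a running process, to
spot the inline overwrite described above (sample bytes are constructed)."""
import ctypes
import struct

PROLOGUE_LEN = 16
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400


def classify_patch(live: bytes, reference: bytes, function_addr: int):
    """Return (None, None) if the live prologue matches the trusted copy, else
    (kind, target): the redirect style and, where decodable, where it jumps."""
    live = live.ljust(PROLOGUE_LEN, b"\x00")      # tolerate a short read
    if live[:len(reference)] == reference:
        return None, None
    if live[0] == 0xE9:                                        # jmp rel32
        rel = struct.unpack_from("<i", live, 1)[0]
        return "jmp-rel32", (function_addr + 5 + rel) & ((1 << 64) - 1)
    if live[:2] == b"\x48\xB8" and live[10:12] == b"\xFF\xE0":  # mov rax, imm64 ; jmp rax
        return "mov-rax-jmp", struct.unpack_from("<Q", live, 2)[0]
    return "unknown-modification", None


def read_remote_prologue(pid: int, function_addr: int) -> bytes:
    """Windows only: read PROLOGUE_LEN bytes at function_addr in process pid."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    handle = k32.OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        raise OSError(ctypes.get_last_error(), "OpenProcess failed")
    buf, got = ctypes.create_string_buffer(PROLOGUE_LEN), ctypes.c_size_t()
    ok = k32.ReadProcessMemory(handle, function_addr, buf, PROLOGUE_LEN, ctypes.byref(got))
    k32.CloseHandle(handle)
    if not ok:
        raise OSError(ctypes.get_last_error(), "ReadProcessMemory failed")
    return buf.raw[:got.value]


def check_process(pid: int, export: str = "LoadLibraryW"):
    """kernel32 shares one base across every process in a boot session, so our
    own (assumed unhooked) mapping supplies both the address and the reference."""
    addr = ctypes.cast(getattr(ctypes.WinDLL("kernel32"), export), ctypes.c_void_p).value
    reference = ctypes.string_at(addr, PROLOGUE_LEN)
    return classify_patch(read_remote_prologue(pid, addr), reference, addr)


# Constructed sample: a plausible x64 prologue, and the same bytes after a jmp rel32 overwrite.
SAMPLE_REFERENCE = bytes.fromhex("48895c24084889742410574883ec2090")
SAMPLE_PATCHED = b"\xE9\x00\xFF\xFF\xFF" + SAMPLE_REFERENCE[5:]   # jmp -0x100 from the entry
```

On Windows, `check_process(<pid of explorer.exe>)` returns `(None, None)` for an intact prologue; a result such as `("jmp-rel32", target)` is the signal to investigate, with `target` pointing at the injected region.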
Proof of Concept