DLL Injection

GPTKB entity

Statements (32)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | Cybersecurity attack technique |
| gptkbp:describes | Technique of running code within the address space of another process by forcing it to load a dynamic-link library (DLL). |
| gptkbp:detects | Can be detected by monitoring process memory and loaded modules |
| gptkbp:field | Software engineering |
| gptkbp:field | Computer security |
| gptkbp:firstDocumented | 1990s |
| https://www.w3.org/2000/01/rdf-schema#label | DLL Injection |
| gptkbp:method | AppInit_DLLs registry key |
| gptkbp:method | Manual mapping |
| gptkbp:method | Reflective DLL injection |
| gptkbp:method | Remote thread creation |
| gptkbp:method | SetWindowsHookEx API |
| gptkbp:platform | gptkb:Microsoft_Windows |
| gptkbp:prevention | Enabling Address Space Layout Randomization (ASLR) |
| gptkbp:prevention | Enabling Data Execution Prevention (DEP) |
| gptkbp:prevention | Restricting user privileges |
| gptkbp:prevention | Use of code signing |
| gptkbp:purpose | To execute arbitrary code in the context of another process |
| gptkbp:relatedTo | API hooking |
| gptkbp:relatedTo | Code injection |
| gptkbp:relatedTo | Process hollowing |
| gptkbp:riskFactor | Can be used to bypass security controls |
| gptkbp:riskFactor | Can be used to escalate privileges |
| gptkbp:riskFactor | Can be used to steal sensitive information |
| gptkbp:target | Antivirus evasion |
| gptkbp:target | Banking trojans |
| gptkbp:target | Game cheating |
| gptkbp:target | Password stealing malware |
| gptkbp:usedIn | Penetration testing |
| gptkbp:usedIn | Malware development |
| gptkbp:bfsParent | gptkb:Privilege_Escalation |
| gptkbp:bfsLayer | 6 |