Re: base addresses of kernel32

4 Jul 2010


      On Sun, Jul 04, 2010 at 10:04:01AM +0400, Илья Басин wrote:
...
One widely used dll injection technique is copying the dll path to the
target process memory and calling CreateRemoteThread() using the address of
LoadLibraryA as lpStartAddress. This relies on the fact that all processes
have the same base address of kernel32.dll (and some other system dlls).
On Wine only ntdll is always loaded to the same base address, so it's
potentially possible to do the same for kernel32, right?
kernel32 is also loaded to the same base address.
(the Makefile has:
EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
)
Are you seeing otherwise?
Ciao, Marcus

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: base addresses of kernel32