What makes a DLL file detected?

gaspix · 10/03/2014, 20:59

Hello everyone,
It is some days that I think about this thing, because we say that a dll injectata in the process of metin2 is detected?

What strategy using the staffer to protect themselves from dll injection? I thought that the various dll known to be gathered in a sort of database, and then once injectata a dll, a control was equal to occur if someone is already in the database for the collection, it is so or not so? If this is not how the system use to protect themselves?

Moreover, if it were so then there was a check from dll injectate and dll exist in the database, if you would change the entrypoint or the names of some functions of the dll, then rise from detected to undetected?

Same thing with regard to the python injection, I found that here using a different method to protect themselves because: a dll that pops up a message string "hello" can be injectata any client without any problems, while a python file using python loader injectato even if it does crash the whole vacuum. Does anyone have an explanation for all this?

Thanks in advance for the time you lose to answer.

~~grαyfox~~ · 10/03/2014, 21:46

when you block the thread/s a dll use for example

gaspix · 10/03/2014, 21:47

Yes, and is there a way to bypass this?

~~grαyfox~~ · 10/03/2014, 22:25

thats very difficult to say on this primitiv way, you have to look what you want to do, you have to analyse the file etc. thats not so easy to say how you think it is

gaspix · 10/04/2014, 10:59

Yes, but I think that there is a way to learn how to do this, no?
I want learn how work dll files, how modify them and other, how can I do?
Thanks and sorry for bad english but I'm Italian