The DLL injection

DLL or Dynamic Link Libraries are resources and functions that are shared among different processes running within the system. Some processes and programs require special external DLLs, which can be included with the program to run properly. As DLLs usually run within the processes in memory, they are usually targeted by the malware as a way to access and control other processes in memory. DLLs are loaded into the process with different ways:

Dynamic linking: This is when an executable has an Import Address Table (IAT), which describes the resources needed for this executable to load along with their addresses, which are loaded in the process memory space.
Runtime Dynamic Linking: Some DLLs may not be mentioned in the IAT, but ...

Get Practical Windows Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Practical Windows Forensics by Ayman Shaaban, Konstantin Sapronov

The DLL injection

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly