Injection (not BSA) #59
Labels
Comments
|
I will take a look... |
Good question. Don't know - never tested it. |
|
The new release has a function to hide selected host processes from sandboxed processes. So what aside of "prevent deletion of file" is still missing from the functionality of those dll's ? |
Looks like antidel is really the only thing remaining. |
isaak654
added
documentation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Long long time ago in a galaxy far far away it was possible to inject not only BSA dll, but some others also:
Antidel: https://www79.zippyshare.com/v/TqgoF9pH/file.html - simple addon tricking the program to prevent deletion of file. Very helpful when analyzing something that tries to delete all traces after run.
SbieAKL: https://www78.zippyshare.com/v/63Q21Twz/file.html - is a dll used to block the keylogger and clipboard monitor which are sandboxed.
Sbiextra: https://www84.zippyshare.com/v/lnvKGG7X/file.html - DLL to block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox.
(Some additional info is attached in every archive).
I've tried to inject these good old modules but with no success.
Is it possible to implement these functionality?
The text was updated successfully, but these errors were encountered: