One widely used dll injection technique is copying the dll path to the target process memory and calling CreateRemoteThread() using the address of LoadLibraryA as lpStartAddress. This relies on the fact that all processes have the same base address of kernel32.dll (and some other system dlls). On Wine only ntdll is always loaded to the same base address, so it's potentially possible to do the same for kernel32, right?
- base addresses of kernel32 Илья Басин
- Re: base addresses of kernel32 Marcus Meissner
- Re: base addresses of kernel32 Илья Басин
- Re: base addresses of kernel32 Tijl Coosemans
- Re[2]: base addresses of kernel32 Ilya Basin
- Re: base addresses of kernel32 Tijl Coosemans
- Re[2]: base addresses of ker... Ilya Basin
- Re: base addresses of ke... Vitaliy Margolen
- Re: base addresses of kernel32 James McKenzie
- Re: base addresses of kernel32 Vitaliy Margolen
- re: base addresses of kernel32 Dan Kegel
