timwhitez starred IDLE-Abuse
2023-5-6 15:43:9 Author: github.com(查看原文) 阅读量:31 收藏

Alt text

IDLE Abuse :A simple technique to detect when a Windows process becomes idle and inject malicious code into it. This technique relies on an undocumented Windows API function called RegisterWaitForInputIdle, which allows a callback function to be registered and called when a process becomes idle.

The PoC, written by Navneet Raj and ElementalX , demonstrates the use of this technique by registering a callback function that injects a meterpreter shellcode into the Windows calculator process when the process spawned by WinExec function becomes idle. Thanks to folks at Stack Overflow & REACT OS Source code for showing us the correct direction.

Special thanks to modexp for helping us with the code overview.


文章来源: https://github.com/RixedLabs/IDLE-Abuse
如有侵权请联系:admin#unsafe.sh