> I've reverse engineered the backstealth program that's been going around,
> with the original info found at
> http://piorio.supereva.it/backstealth.htm?p

Just in case you're interested, the general technique you've reversed here is very popular and well known. It's usually referred to as 'injecting a dll' and was first documented by Jeffrey Richter in a 1994 Windows System Journal article. His original source code (InjLib) is still around but a number of (open and closed source) tools use it, e.g. fport and pwdump.

As you've found, the ability to have code executed in the context of another process is very useful and many security schemes can be subverted this way (hell, when you think about it, kernel backdoors and viruses are really just souped up forms of this).

Incidentally, injectso does pretty much the same thing on Solaris and Linux systems.

Cheers,
Shaun
This archive was generated by hypermail 2b30 : Sat May 04 2002 - 10:49:33 PDT