DLL vs EXE | Windows DLL Hell

  • Published 26 Sep 2024
  • In this video I talk about DLL vs EXE files, static vs dynamic linking, DLL injection, and demonstrate how malware can infect your system without ever running a malicious process/EXE file, simply by using a legitimate Windows process. Example: Blue/Eternal Petya
    Wingamer25 is now fighting malware with a flaming katana, why flaming? cause those games make the GPU run hot!
    danooct1 has been fighting malware for a long time now, with a DOS box and his grandma's Windows 98 cd. Reinstall..Reinfect..Repeat.
    Want to be mentioned here, or just want to support the channel? Check out my Patreon page:
    / tpsc
    -------------------------------------------
    Want to join the TPSC community? Join our Discord server!
    discordapp.com...
    Want instant updates when new malware is discovered? Follow me on Twitter: / leotpsc

Comments • 121

  • @literalcode
    @literalcode 4 years ago +51

    Him having all of those ransomware files is like a police officer having a room full of one of each type of drug

    • @pondwater02
      @pondwater02 2 years ago +1

      I think they have those, that doesn't seem too unreasonable

    • @plantfoodpower77
      @plantfoodpower77 1 year ago

      he's on an emulator or vc prolly

  • @EiB_inc
    @EiB_inc 4 years ago +8

    This is a nice video, and I do understand it's a bit old but I wanted to mention that dynamic linking is not necessarily all downsides when it comes to security.
    In the case of several applications using a dynamically linked routine that's exploitable in some way, then that same exploit may be patched for the shared routine only without having to update every single (and potentially poorly maintained) application that uses it.
    Again, I'm sure this is something you're aware of, but I wanted to show there are more benefits to dynamic linking than just memory efficiency

  • @jonsprivatelife
    @jonsprivatelife 6 years ago +5

    Thanks! You're doing good work
    I learned a lot here. Had a side project where I needed to script running a .dll file, I got up to learning how to call the file with rundll32, but got sidetracked when that wasn't enough. Thanks for showing me the ordinal

  • @elviraeloramilosic9813
    @elviraeloramilosic9813 6 years ago +38

    That's just one excellent topic!
    Great explanation! Kudos!
    DLLs? My favorite links. 🤣
    Secure OSes? Let me take my spacetimeship so I can check in parallel universe. 🚀😁

    • @GainingDespair
      @GainingDespair 6 years ago +1

      Are you asking for a secure OS?
      If so (and if your laptop/PC is decently compatible) then I would recommend Qubes OS. Everyone likes to say this or that OS is safe if you do ... -insert long explanation-
      Qubes OS is run via virtualization; you have so many "qubes" which are different types of OSes. Sounds complicated, but they are all exactly the same. Some have persistent storage (business, home, etc.) while others do not. The ones that are not trusted cannot come in contact with any other qube. So if something serious does happen, the only data that is compromised is the data in that qube. Everything, and I mean everything, is run virtually on bare metal (Zen I believe); anything from audio drivers to the operating system itself is run independently from each other, so if there was some exploit in the audio driver the only thing that could be compromised is the data (the audio driver) in that individual qube.
      I suck with explanations
      www.tomshardware.com/news/qubes-os-4.0-fully-virtualized-vms,36774.html

    • @ethanmadets
      @ethanmadets 5 years ago

      What's crackin' fellow kids.

    • @invisibleboi5166
      @invisibleboi5166 4 years ago

      wtf

  • @Darknamja
    @Darknamja 6 years ago +3

    The curtain has been pulled back and the Wizard has been revealed. Always great info on this channel. Thanks for and continue posting. :D

  • @unknownunknown7359
    @unknownunknown7359 6 years ago +6

    Very interesting video. Thanks for the information!

  • @TheMR-777
    @TheMR-777 2 years ago +4

    Man, you really amazed me! As I'm a developer I thought I might already know the basics of dynamic linking, but man, you showed me the "WAY" they work, and that was truly mind blowing for me

  • @ashwani14august
    @ashwani14august 6 years ago +10

    If we keep watching videos like this, I think in a few years (maybe months) we all become cybersecurity experts.
    Thanks!

    • @yipo1
      @yipo1 1 year ago

      This is not how it works buddy

  • @KoshyGeorge
    @KoshyGeorge 6 years ago +6

    For those who don't know, you can also right click the start menu and run cmd as admin from there.
    It looks like it now links to PowerShell rather than cmd, but same difference.

    • @LGBKAI
      @LGBKAI 6 years ago +1

      Or Windows Key + X

    • @Astra3yt
      @Astra3yt 6 years ago +1

      And also, when searching for a program you can press Shift+ENTER to run the program without right-clicking on it.

  • @non-urbanninja3000
    @non-urbanninja3000 6 years ago +31

    Question. Have there been any other malware like WannaCry that can infect your system simply by being connected to the internet?

    • @ktk1001
      @ktk1001 6 years ago +5

      Non-Urban Ninja newpetya ransomware, but it has to have a PC on a local network to be infected

    • @MrVecheater
      @MrVecheater 6 years ago +5

      If you have a vulnerable service that is waiting for incoming data, yes
      Windows had a bug in the start menu (I guess using the online search function) that could have taken over the system.
      I don't think it has happened though since it got public after they fixed it
      But who knows. It's Windows

    • @MrVecheater
      @MrVecheater 6 years ago

      Minh Bui Tuan I think he was talking about just leaving the computer on without having any programs open,
      except those that are started automatically

    • @agoogleuser9025
      @agoogleuser9025 6 years ago

      I use fast torrent to download faster from browsers and some occasional 90s TV shows and leave it on download. I have firewalls on though; I'm worried whether I can get malware from this habit?

    • @MrVecheater
      @MrVecheater 6 years ago

      Cy Sy if it's illegal, the files themselves are very likely to be the malware.
      The firewall just blocks certain types of traffic, so it can either block an infected file or not block it. But it won't clean the infection

  • @mithunchandrasaha403
    @mithunchandrasaha403 1 year ago

    Very nice explanation, Sir. Needs more from you.

  • @Caneladorada
    @Caneladorada 4 years ago +1

    thank you Leo, this was very informative :)

  • @poryg5350
    @poryg5350 6 years ago +1

    Absolutely right. And since we now also have Python and nw.js, new problems are in sight, because while C++ code can be modified to make it hidden from antiviruses, Python and JavaScript allow the execution of dynamically generated code. So you can just encrypt the virus with a different key and boom, the virus is once more impossible to detect via scan. The only way to find it is to detect function calls at runtime.
    Or we can be like iOS and disable encrypted files altogether. Which would be a huge security concern.

  • @PREPFORIT
    @PREPFORIT 6 years ago +7

    This is interesting
    Thank you

  • @MariaCurry
    @MariaCurry 5 years ago +1

    this video is AWESOME. thank you!!!!!!

  • @callofbooty5827
    @callofbooty5827 6 years ago

    Very good reference video here, Leo :-) now when anyone asks if DLLs can be harmful, or how they can be harmful if they're not the executables, you can simply refer them here..

  • @ceclon7689
    @ceclon7689 6 years ago

    I love your videos man, keep up the good work!

  • @sangitakumari5482
    @sangitakumari5482 2 years ago

    This is so useful for the end user if they are even a little bit computer knowledgeable.

  • @TheVedicWayChannel
    @TheVedicWayChannel 3 years ago

    Nice explanation! Thank you.

  • @wilfredotorres6628
    @wilfredotorres6628 6 years ago

    Hi Leo, Many of these issues of course come from downloading programs with cracks and key generators that manipulate the software in order to use it at no cost. Thanks for the info.

  • @gaaty1954
    @gaaty1954 3 years ago

    Really nice and interesting vid easy to understand and concise.
    👍

  • @daffertube
    @daffertube 2 years ago

    "cuz I suck" ha.
    I feel slightly better about my own abilities.

  • @roboedar
    @roboedar 4 years ago

    Wow this was great. Thank you for the vid.

  • @AA-mc5il
    @AA-mc5il 1 year ago

    really loved the vid
    thanks

  • @CyrusHusky04
    @CyrusHusky04 6 years ago +2

    If you right click the start button you can access a lot of programs that you usually require searching for.

    • @Mario583a
      @Mario583a 6 years ago

      That or use Classic Shell.
      classicshell.net/whycsm/
      Default search is essentially a miss of what you are searching for.

  • @Darth12000
    @Darth12000 6 years ago

    Libraries, be they DLL on Windows or SO on others, are kind of necessary as they represent the non-executable and non-entry-point layers of a big executable, which uses them as dependencies.
    When you make software for desktop, there are layers from a dev's point of view: user interface (usually graphical these days but that's optional), business logic (where all the decisions are made), data access (to save and retrieve things) and business objects (to picture stuff in memory). Interface is also used as an entry point and thus will be the executable, but each other layer will become a library and they will depend on each other in a precise way. Interface depends on logic and objects. Logic depends on data access and on objects. Data access only depends on objects.
    Obviously I am simplifying a bit, but all serious projects have that layer system just for better handling how to find and do things. It's a tidy-oneself system, quite efficient at that. You can underline all you want the current risks, it's useful to do, but I believe it makes more sense when coupled with the reason why it's done this way in the first place. Sticks better when it's instructive, I think. ;-)

    • @AdityaGupta-qd8iv
      @AdityaGupta-qd8iv 2 years ago

      Don't we have checksums and signatures for DLLs that are used by the linker to check for potential change?
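A defender's answer to the question above, added here as an example and not code from the video or its author: a user-mode process normally loads whatever DLL it is pointed at, and signatures are only enforced when a policy such as WDAC or a per-process signature mitigation is in place, so the script below does after the fact what the loader does not, by listing the modules a running process has loaded and checking each one's Authenticode signature. The process name and the list of user-writable directories are assumptions.

```powershell
# Added example, not from the video or its author: inventory the DLLs loaded into a
# running process and check each one's Authenticode signature. The process name is a
# placeholder; the user-writable directory list is an assumption about where a dropped
# DLL would live. Run from an elevated PowerShell to read modules of other users' processes.
param(
    [string]$ProcessName = 'explorer'   # placeholder process name; any running process works
)

# Directories an unprivileged user can write to. A signed system DLL has no business here,
# so a module loaded from one of these is flagged regardless of its signature status.
$UserWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads")

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($dir in $UserWritable) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-LoadedModuleReport {
    param([string]$Name)
    $procs = Get-Process -Name $Name -ErrorAction Stop
    foreach ($proc in $procs) {
        # Reading .Modules fails for protected processes or without elevation; warn and move on.
        try { $modules = $proc.Modules }
        catch { Write-Warning "Cannot read modules of PID $($proc.Id): $_"; continue }

        foreach ($mod in $modules) {
            $path = $mod.FileName
            # Status is Valid, NotSigned, HashMismatch, UnknownError, ...; catalog-signed
            # Windows system files report Valid on current Windows versions.
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            $inUserDir = Test-UserWritablePath -Path $path

            [pscustomobject]@{
                PID        = $proc.Id
                Module     = $mod.ModuleName
                SigStatus  = $sig.Status
                Signer     = $signer
                UserDir    = $inUserDir
                Suspicious = ($sig.Status -ne 'Valid') -or $inUserDir
                Path       = $path
            }
        }
    }
}

# Suspicious modules first: an unsigned DLL under %TEMP% inside a trusted host process is
# the trace DLL injection leaves behind, and it is what this report is meant to surface.
Get-LoadedModuleReport -Name $ProcessName |
    Sort-Object -Property Suspicious, Path -Descending |
    Format-Table -Property PID, Module, SigStatus, UserDir, Suspicious, Path -AutoSize
```

A NotSigned or HashMismatch module loaded into a Windows system process is worth a closer look, but confirm the file is not catalog-signed on an older Windows build before treating it as an injected DLL.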

  • @AlrekArinbjorn
    @AlrekArinbjorn 6 years ago

    Stuff like this is why I obsessively run everything inside of Sandboxie with Comodo I.S. set to auto-block the unknown on the HIPS, firewall, and auto-containment. I also clear the sandbox directories very often

  • @ohj6847
    @ohj6847 2 years ago

    I am doing a project in school on self-propagating malware and am zeroing in on NotPetya. Taking a shot in the dark here: I was wondering if you knew of a good DB to get a hold of malware for sandbox testing. Also thank you so much for this video; I have a much better understanding of how DLL injection is so scary and stealthy.

  • @alkahhhtchi
    @alkahhhtchi 4 years ago

    Great videos. Keep this going.

  • @novianindy887
    @novianindy887 1 year ago +1

    where can I get that sample DLL of the malware Bluepetya?

  • @ir4640
    @ir4640 5 years ago +1

    Hello, and thanks for the video.
    Are your malware samples accessible, and if yes, where can I find them?

  • @hussaenkahachi7116
    @hussaenkahachi7116 4 years ago

    Hi, your videos are great. I have a suggestion for your next video.
    Can media files (pictures for example JPG, sound for example MP3, and video for example DAT or MP4) get malware injected into them?

  • @YannMcRissos
    @YannMcRissos 6 years ago +2

    Really interesting video. Great job!
    Btw, right click the start button or use Win + X. You'll have the choice of starting cmd normally or as admin, along with other things.

  • @avi8aviate
    @avi8aviate 6 years ago +1

    Dynamic Link Libraries can be quite the problem for security...

  • @noone-xh3iq
    @noone-xh3iq 6 years ago +1

    Amazing

  • @noone-xh3iq
    @noone-xh3iq 6 years ago

    Oh boy, I really love your channel. But can you provide us more information about security in any Linux OS?

    • @david3994
      @david3994 4 years ago

      no one the best part on Linux is that you don't need an antivirus because most viruses are made just for Windows.

  • @farismazlan5157
    @farismazlan5157 2 years ago

    awesome

  • @TehPlayer14
    @TehPlayer14 6 years ago

    That's why using HIPS is a good idea

  • @janejanejane2046
    @janejanejane2046 4 years ago

    Hi, I want to ask: I wanted to install face rig and it has.....and it has a .dll file which I need to paste into another file, but every time I do that it always disappears and an antivirus pop-up appears. Does it mean it has a virus?

  • @programacion3694
    @programacion3694 1 year ago

    interesting, good video

  • @ggxue
    @ggxue 6 years ago

    Thank you

  • @johnsweda2999
    @johnsweda2999 6 years ago

    Can you make it more secure by having a front end, say, on the operating system, so the interface would be user friendly and it communicates with the back-end of the operating system, where the security lies deep and is always checking the front end? Similar to a VirtualBox I suppose, but built in

    • @SenkJu
      @SenkJu 6 years ago +1

      Uhm, no. That would be like working in a virtual machine all the time, which does not increase security. If your important files are in a virtual machine that is infected with ransomware, for example, they would still be encrypted. Things are not working like this. Virtual machines can protect the host system from malicious software but not themselves.

  • @Kuba12PL
    @Kuba12PL 6 years ago

    Basically most game exploits are DLLs with injectors, so that kind of means you can't know if it's a virus or a legitimate exploit, as they usually get false-positived by antiviruses.

  • @shivayadavudari7803
    @shivayadavudari7803 4 years ago

    Very nice

  • @rosedev7203
    @rosedev7203 4 years ago

    Great video! I found multiple dll.bak folders that refuse to be deleted in a temporary folder. Should I be concerned? You did such a great job helping me understand I thought I would ask.

  • @camiloesquivel6016
    @camiloesquivel6016 6 years ago

    I got a ransomware that told me to pay $200 worth of Dogecoin in 72 hours. It's weird because I got it out of nowhere, like it appeared randomly. But before I got the ransomware my laptop camera kept on flashing for no reason. I got rid of the ransomware and my camera stopped flashing and the ransomware wouldn't pop up anymore. I was scared.

    • @anarchypizza8840
      @anarchypizza8840 6 years ago

      Blue Yoshi If there is anybody else using the same Wi-Fi as you they could have gotten it. Or maybe you connected to a public Wi-Fi once and somebody installed some spyware packaged with ransomware. What was the name of the ransomware?

  • @yXe7777
    @yXe7777 4 years ago

    So would Kaspersky detect this .dll file?

  • @binetts
    @binetts 6 years ago +1

    Just downloaded something risky, I've scanned the exe but the file has a lot of DLLs
    Might I have a virus or malware?

    • @puffolino1
      @puffolino1 6 years ago

      Oliver Binetti having a lot of DLLs doesn't mean that it's malware, it just means that the program is made up of a lot of modules

    • @anarchypizza8840
      @anarchypizza8840 6 years ago

      Oliver Binetti This is quite old, if you still want to know then reply to me.

  • @amnesia.-.
    @amnesia.-. 2 years ago

    I guess that most antiviruses scan all DLLs

  • @thomnilsson
    @thomnilsson 6 years ago

    Please do a review of 'ahnlab v3 internet security'?

  • @thelowendstudio
    @thelowendstudio 3 years ago

    Omg thanks:)))

  • @KevinJhonson
    @KevinJhonson 6 years ago

    Can you please review panda Dome antivirus? Thank you.

  • @Sam_420
    @Sam_420 6 years ago

    If you use "Ctrl" + "Shift" and then click on the program it will execute as Administrator

  • @ultraprime9859
    @ultraprime9859 6 years ago

    IOBit Malware Fighter Pro 6 just came out of beta and released as v6.2 today. Please test it. It claims Better & More Extensive Malware Protection and Double Protection against Ransomware.

  • @ktk1001
    @ktk1001 6 years ago +1

    What language is used to write dll files ?

    • @muabyt7333
      @muabyt7333 6 years ago

      C++

    • @2arx992
      @2arx992 6 years ago

      any language that compiles to assembly

  • @JustA.Person
    @JustA.Person 6 years ago

    Hi Leo👋

  • @akoliver2712
    @akoliver2712 6 years ago +1

    can you please make a video about an antivirus software named QUICK HEAL TOTAL SECURITY? It is an INDIAN antivirus; I wanted to know how powerful this antivirus is

    • @darkcoder9383
      @darkcoder9383 6 years ago

      AK Oliver It's a meme? It's shit

  • @markusTegelane
    @markusTegelane 6 years ago

    Face reveal?

  • @juliusreycalderon7025
    @juliusreycalderon7025 6 years ago

    - Host Process for Windows Tasks
    - KMS Connection Broker

  • @piggylongsnout4549
    @piggylongsnout4549 6 years ago

    Oooooh my brain hurts. Too many hard words.

  • @Mario583a
    @Mario583a 6 years ago

    th-cam.com/video/bXnr2y7SPr0/w-d-xo.html

  • @knibhah4633
    @knibhah4633 6 years ago

    i only know that dlls are for my csgo hack!1!!1

  • @chessemchesse3676
    @chessemchesse3676 6 years ago

    Exe duh

  • @sc4rydude277
    @sc4rydude277 5 years ago

    I know what an exe file is now
    It is a virus of Fortnite

  • @IIGrayfoxII
    @IIGrayfoxII 6 years ago +2

    Why do we care about memory usage these days?
    8GB being the minimum, 16GB being somewhat standard and 32GB being on high-end systems.

    • @MrVecheater
      @MrVecheater 6 years ago

      So we can actually use that much memory

    • @IIGrayfoxII
      @IIGrayfoxII 6 years ago

      Upgrade plz.
      4GB is nothing these days.
      I hover on 6GB most times.
      Since I have 32GB and an SSD, I have disabled the PF for maximum performance

    • @MrVecheater
      @MrVecheater 6 years ago +1

      IIGrayfoxII wtf, 4GB is totally fine for some people
      If programs would waste resources for no reason, you couldn't do anything even with 16GB or more
      Imagine having 4GB blocked while playing a game that is resource intensive or editing 4K videos. Of course AV manufacturers think about memory consumption

    • @IIGrayfoxII
      @IIGrayfoxII 6 years ago +1

      I agree with programs being resource hogs.
      Remember back in 1998 when a web browser used less than 50MB of RAM?
      These days 200MB is needed per tab.

    • @davidmenlo9305
      @davidmenlo9305 6 years ago

      IIGrayfoxII This has to do with the complexity of web-pages too. Although I agree, resource usage should not be higher than necessary.

  • @davidmarquez2821
    @davidmarquez2821 3 years ago

    cd %userprofile%/desktop

  • @RamonChiNangWong078
    @RamonChiNangWong078 5 years ago +1

    open CMD, type Sudo apt-get update.
    no more DLL Hell

  • @dumpmuch
    @dumpmuch 3 years ago

    When you try to crack GTA IV and every dll file is missing

  • @DTE305
    @DTE305 2 years ago

    ? C:

  • @homedevise8025
    @homedevise8025 6 years ago

    Question. After that DLL injection and the screen that says the PC is destroyed, can you then install another OS again, or is it just finished? And if another OS is installed, will the files which are not on the OS drive be safe or encrypted?

  • @socaljusticewarrior558
    @socaljusticewarrior558 5 years ago

    I have been told that I can solve a problem with a Steam game by adding Steam.dll to the game's directory.
    What is the worst case scenario?

  • @xojnowns1520
    @xojnowns1520 6 years ago

    This is why you never turn off your computer.

  • @SkySkorpions
    @SkySkorpions 6 years ago

    HI LEO!

  • @Napert
    @Napert 6 years ago +1

    Ok I'm an idiot.

    • @elvinl.
      @elvinl. 6 years ago

      well, from what I see, he just wrote the full path to the desktop... he did type the "D" and pressed tab to autocomplete and pressed enter..., just pressing tab works too, though it goes through all the files one by one alphabetically. Anyway, nothing weird happening here.

    • @Napert
      @Napert 6 years ago

      And you totally missed the point in my original comment.

    • @elvinl.
      @elvinl. 6 years ago

      ah, I c what you meant by the /d :), did you mean that, because you use the D drive?, lol XD

    • @Napert
      @Napert 6 years ago

      no, I couldn't change the directory without /d if I was changing it also to another drive

    • @elvinl.
      @elvinl. 6 years ago

      oh I c, never thought of changing the path to another drive, since I've always only used one drive until recently, and ah, the /d argument for the cd command makes it possible to change the drive and directory at the same time (as Google says), well, learned something today :D

  • @skyline7532
    @skyline7532 5 years ago

    It was a really great demonstration.
    Thanks