Skip navigation.



I have two questions:

1. Problem: I suspect that it may be possible to modify the name of a loaded module, i.e. a process monitor displays "foobar.dll" but it really contains mallicious code?

Question: Is this possible? It doesnt seem so far fetched.

2. About process thread hijacking: is that really something smart? Its not like most processes have a bunch of auxillary threads lingering about "just in case" they should be necessary. As a coder you create a thread when you need one. As far as i see it, Hijacking a thread in the middle of its execution and overwriting it with a payload of your own could result in a very unstable code.

Question: Is this really something that is used out there in the wild or is it just theoretical?

Thanks in advance for any replies.