Windows 10: Process Injection and Process Isolation by OS

Discussion in 'AntiVirus, Firewalls and System Security' started by Akhterahmad, Jul 29, 2021.

  1. Process Injection and Process Isolation by OS


    If the OS is responsible for ensuring that one process cannot access another process's memory space, and the point of process isolation is to keep processes separate from one another, then how can a malicious process perform actions on another process, say for example a DLL injection? Example: In the Windows API how can a malicious process call CreateRemoteThread on another process to create a malicious thread under that target process? Isn't that an inherently unsafe API call?

    :)
     
    Akhterahmad, Jul 29, 2021
    #1
  2. GNJha Win User

    Boot Process

    Hi,

    Please suggest me a link that can explain the boot process step by step of ...

    • Windows 7,
    • Windows 8.1,
    • Windows 10,
    • Windows Server 2008 R2 and
    • Windows Server 2012 R2

    With Regards

    InTech
     
    GNJha, Jul 29, 2021
    #2
  3. User32.dll recognized as dll injection process.

    Hello, I was actually trying to run a game on my computer (Win10). This game has an anti DLL injection software attached to it called xigncode. The problem is that this software detects user32.dll as a third party process and prevents the game from running.
    But user32.dll is not a process that I can terminate in itself. How do I deal with this? Is user32.dll associated with any specific processes that may cause that issue? Because it seems that this program recognizes a process running in the background as a potential threat. By the way, I have all the services, except the Microsoft ones, disabled, thus, the only thing that may cause this issue is a Microsoft process. But I am really having a hard time finding which one and why.

    ***Post moved by the moderator to the appropriate forum category.***
     
    Alex Lence, Jul 29, 2021
    #3
  4. S-and-S Win User

    Process Injection and Process Isolation by OS

    Has Windows some legal way to inject DLL into processes?

    Essentially, code injection is a hack.

    Nevertheless, code injection is a normal part of the Windows application platform because it’s often the only way for a third-party to accomplish a task. Compared to iOS or Android, which (I think) lack the ability to inject code, the Windows desktop is arguably more powerful because it offers this kind of flexibility.

    You surely know that lots of problems can result when DLLs (or other code) from third parties are injected into Windows processes, because the code injected was not designed, built, or tested by Microsoft. It runs the risk of creating issues that weren’t there before or exacerbating issues that were already there. Nevertheless, Windows includes APIs that can be used for code injection, and Windows doesn’t prevent processes on your computer from interfering with each other like this.

    This forum isn't the place for learning about these APIs - and in any case, I'm not nearly knowledgeable enough to explain them. You want MSDN. This forum is where the lowest of the low in computer ability comes to try to unravel the mess they made.
     
    S-and-S, Jul 29, 2021
    #4
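
A defender-side view of the CreateRemoteThread question, as an added example that is not part of any post in this thread: Sysmon logs each remote thread creation as Event ID 8, and the sketch below triages such records. The allowlist, the verdict strings and the sample events are constructed assumptions; the field names are the ones Sysmon uses for this event.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# Assumption: sources this environment accepts as legitimate remote-thread creators.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one Sysmon event in XML form."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find(f"{NS}System/{NS}EventID").text)
    data = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return event_id, data

def triage(xml_text):
    """Classify a CreateRemoteThread record (Sysmon Event ID 8)."""
    event_id, d = parse_event(xml_text)
    if event_id != 8:
        return "ignore"
    if d.get("SourceImage", "").lower() in ALLOWED_SOURCES:
        return "allowlisted"
    if d.get("StartFunction", "").lower() in LOADER_FUNCS:
        # Thread entry point is a DLL loader: the classic DLL-injection shape.
        return "alert: remote thread starts at a DLL loader"
    if d.get("StartModule", "") in ("", "-"):
        # Entry point is not backed by any module loaded in the target.
        return "alert: start address outside any loaded module"
    return "review"

def make_event(event_id, **fields):
    """Build a constructed sample event; not captured from a real host."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            f"<System><EventID>{event_id}</EventID></System>"
            f"<EventData>{data}</EventData></Event>")

# Constructed sample records.
SAMPLES = [
    make_event(8, SourceImage=r"C:\Users\demo\AppData\Local\Temp\upd.exe",
               TargetImage=r"C:\Windows\System32\notepad.exe",
               StartModule=r"C:\Windows\System32\kernel32.dll", StartFunction="LoadLibraryW"),
    make_event(8, SourceImage=r"C:\Windows\System32\csrss.exe",
               TargetImage=r"C:\Windows\System32\cmd.exe",
               StartModule=r"C:\Windows\System32\KernelBase.dll", StartFunction="CtrlRoutine"),
    make_event(8, SourceImage=r"C:\Tools\helper.exe",
               TargetImage=r"C:\Windows\explorer.exe", StartModule="-", StartFunction="-"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

The allowlist branch reflects the point made in post #4: legitimate software also creates threads in other processes, so a rule that alerts on every Event ID 8 produces false positives of the kind described in post #3.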