1
00:00:00,550 --> 00:00:09,040
Welcome. In this video, we're going to study the API calls used in APC injection. So download

2
00:00:09,050 --> 00:00:16,750
this project, 06-APC-injection, unzip it and put it in the Murder two folder.

3
00:00:17,470 --> 00:00:23,410
Within this folder, you find a few files similar to what you have seen before.

4
00:00:23,890 --> 00:00:29,860
The only thing new is the APC injection CPP file, so just open this.

5
00:00:30,340 --> 00:00:38,830
This is a self-contained file, so everything in this file is similar to the direct injection, the direct context

6
00:00:38,830 --> 00:00:39,400
injection.

7
00:00:39,920 --> 00:00:40,990
Is anything different?

8
00:00:41,240 --> 00:00:44,260
Only this function, inject APC.

9
00:00:45,730 --> 00:00:48,490
So inject APC is where the magic happens.

10
00:00:48,910 --> 00:00:54,430
In essence, the process handle is your target process.

11
00:00:55,030 --> 00:01:00,820
The payload: in this case, the payload is a simple message box payload.

12
00:01:03,290 --> 00:01:10,040
And then here, the last parameter is the size of the payload. Inside, you search for the thread.

13
00:01:10,400 --> 00:01:17,960
In the same way we used for the context injection, once you find the thread, you get the handle to it.

14
00:01:18,650 --> 00:01:27,020
And then over here, you will allocate memory in the remote thread, in your remote process.

15
00:01:27,530 --> 00:01:29,810
So you use VirtualAllocEx for it.

16
00:01:30,470 --> 00:01:37,250
And once you've allocated memory, you will save it to this pointer. The size of the memory is the

17
00:01:37,250 --> 00:01:38,080
size of the payload.

18
00:01:39,410 --> 00:01:44,540
And then you will copy the shellcode payload using WriteProcessMemory.

19
00:01:45,020 --> 00:01:49,790
The first parameter is the process handle.

20
00:01:50,750 --> 00:01:59,010
So the second is your allocated memory, and then the size.

21
00:01:59,150 --> 00:02:06,680
So you'll be copying the shellcode payload to your allocated memory, which is residing in the target process.

22
00:02:08,330 --> 00:02:11,360
Next is the new API function,

23
00:02:11,360 --> 00:02:12,460
QueueUserAPC.

24
00:02:13,070 --> 00:02:17,450
So this is where you pass the three parameters.

25
00:02:17,810 --> 00:02:22,430
The first is the shellcode you have copied over, over here.

26
00:02:23,240 --> 00:02:26,040
Second is the handle to the thread you searched for.

27
00:02:26,780 --> 00:02:29,300
And the last one, the parameter, is blank.

28
00:02:30,370 --> 00:02:38,910
You can also refer to MSDN for the details about QueueUserAPC.

29
00:02:39,760 --> 00:02:41,240
So as I said, three parameters.

30
00:02:41,260 --> 00:02:45,580
The first is your remote routine, which is

31
00:02:45,910 --> 00:02:54,140
the allocated region of memory in the remote process, which contains the shellcode. Second is the handle to

32
00:02:54,140 --> 00:02:54,580
the thread.

33
00:02:55,120 --> 00:03:00,070
And third is the data that you pass in. In this case, you're not passing any data to the thread.

34
00:03:00,190 --> 00:03:02,980
So you just put NULL for that parameter.

35
00:03:05,080 --> 00:03:09,610
And the last one is your main function, which ties everything together.

36
00:03:09,610 --> 00:03:10,570
Everything is the same.

37
00:03:11,350 --> 00:03:12,630
You search for a process.

38
00:03:12,970 --> 00:03:15,550
Our target process is the Microsoft business.

39
00:03:15,550 --> 00:03:24,130
It should return the PID, and then open the PID and return the handle of the process using the OpenProcess API

40
00:03:24,130 --> 00:03:24,610
function.

41
00:03:25,150 --> 00:03:28,300
And then here you inject APC.

42
00:03:28,990 --> 00:03:30,730
You call the inject APC function.

43
00:03:30,910 --> 00:03:32,350
Pass the parameters.

44
00:03:32,890 --> 00:03:34,170
The first one is the PID,

45
00:03:34,270 --> 00:03:35,440
which you got from here.

46
00:03:36,160 --> 00:03:43,980
So you get the handle to the process from here, and then the actual payload itself, and the length of the payload.

47
00:03:44,920 --> 00:03:51,850
So this is the explanation for the APIs used in APC injection.

48
00:03:52,360 --> 00:03:53,650
Thank you for watching.