Methods of protection against DLL injections

I decided to try Python for desktop development and came across such a concept as DLL injection. I also have a repository with which you can inject any Python code into an executable Python process with Process Hacker 2.

Hence the question, how can you protect yourself? Could you give any specific guidelines for this? Can you consider some specific examples of protection against DLL injections for Python?

I think you’ll find that if someone has admin access or root (on Linux) they could do just about anything.

There is a really cool tool called API monitor that I’ve used to reverse engineer and debug/hack things before on Windows. (API Monitor: Spy on API Calls and COM Interfaces (Freeware 32-bit and 64-bit Versions!) | rohitab.com).

Give it a try sometime to see the true power of hooking calls. On the Linux side, we have strace and friends.

Anyways I think this is a case where there are ways to obfuscate but security by obfuscation isn’t security.


Hence the question, how can you protect yourself?

Interesting attack. I think it’s one of those where if the attacker can get the target (you) to run their code that gets their payload .dll or .so on to your system, their code can already do much worse. You’re already pwned.

So the mitigation is the same as for many other attacks - pay attention to your operating system’s security warnings, run programs with least privilege (i.e. not as admin or root, if possible) and don’t run binaries or Python code from untrustworthy sources, especially from cracked games, or random people on Discord.

If these suspect programs and code must be investigated, then look into the tools security investigators use - some sort of secure isolated environment is needed to run it in.
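As an added example (not code from any poster in this thread), a Python process on Linux can audit which shared libraries are mapped into it by parsing `/proc/self/maps` and flagging executable mappings outside trusted directories. The `TRUSTED_DIRS` list, the function names and the sample listing are assumptions made for illustration. This is detection only: code running in the process or with root can tamper with the check, so treat it as a tripwire.

```python
"""Audit executable file mappings of a process (Linux /proc/<pid>/maps format)."""
import os
import sys

# Assumption: directories this deployment treats as trusted library locations.
TRUSTED_DIRS = ("/usr/lib/", "/lib/", "/usr/lib64/", "/lib64/", "/usr/local/lib/")
DELETED = " (deleted)"  # suffix the kernel appends when the backing file was unlinked

# Constructed sample in /proc/<pid>/maps format (not captured from a real system).
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a01000 r--p 00000000 08:01 131 /usr/bin/python3.11
7f1a2c000000-7f1a2c021000 r-xp 00000000 08:01 420 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2c400000-7f1a2c410000 r-xp 00000000 08:01 977 /tmp/payload.so
7f1a2c500000-7f1a2c510000 r-xp 00000000 08:01 978 /home/user/.cache/libhook.so (deleted)
7f1a2c600000-7f1a2c610000 rw-p 00000000 00:00 0 [heap]
7f1a2c700000-7f1a2c710000 r--p 00000000 08:01 420 /usr/lib/x86_64-linux-gnu/libc.so.6
"""

def mapped_libraries(maps_text):
    """Return sorted, de-duplicated paths of executable file-backed mappings."""
    libs = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 6:
            continue  # anonymous mapping, no path column
        perms, path = fields[1], fields[5].strip()
        if "x" in perms and path.startswith("/"):  # skips [heap], [stack], ...
            libs.add(path)
    return sorted(libs)

def audit(maps_text, trusted=TRUSTED_DIRS):
    """Return (path, reason) for each mapping that deserves a closer look."""
    findings = []
    for path in mapped_libraries(maps_text):
        if path.endswith(DELETED):
            findings.append((path[:-len(DELETED)], "file deleted after load"))
        elif not path.startswith(tuple(trusted)):
            findings.append((path, "outside trusted directories"))
    return findings

def audit_self(extra_trusted=()):
    """Audit the running interpreter (Linux only); the interpreter binary is allowed."""
    with open("/proc/self/maps") as fh:
        text = fh.read()
    own = os.path.realpath(sys.executable)
    found = audit(text, TRUSTED_DIRS + tuple(extra_trusted))
    return [f for f in found if f[0] != own]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_MAPS):
        print(f"{reason}: {path}")
```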