Skip to content

11philip22/DllHollowing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
Hollower
Hollower
 
 
PhantomHollower
PhantomHollower
 
 
cfgTest
cfgTest
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
DllHollowing.sln
DllHollowing.sln
 
 
README.md
README.md
 
 

Repository files navigation

DllHollowing

Dll Hollower

This code works on my machine @ 22-06-2021

Injects shellcode to remote process

Explanation

Create a notepad.exe process as host.
Load Dll into remote process by calling LoadLibaryW with a remote thread.
Get Dll AddressofEntryPoint.
Write shellcode to AddressofEntryPoint and call shellcode with CreateRemoteThread.

References

https://www.ired.team/offensive-security/code-injection-process-injection/modulestomping-dll-hollowing-shellcode-injection

Phantom Dll Hollower

This code works on my machine @ 22-06-2021

Loads shellcode in local process.
Forrest-orr's PoC but then in C.
I added usermode capabilities where all dll's drom system32 are copied to temp folder if program is not run elevated.

Explanation

References

https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing

About

Various dll hollowing techniques

Topics

dll-injection code-cave shellcode-loader shellcode-injection dll-hollowing

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

3 forks
Report repository

Languages