Skip to content

MahmoudZohdy/Process-Injection-Techniques

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits

Process_Injection_Techniques

Process_Injection_Techniques

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Process-Injection-Techniques

This is the C implementation of Diffrent Process Injection Technique.

Usage: Process_Injection_Techniques.exe

This wil print the injection techniques that is implemented and how to use them

Techniques that i will cover here:

[x] Inject Dll in remtote process using CreateRemoteThread API.

[x] Inject Dll in remtote process using SetWindowsHookExW API.

[x] Inject ShellCode in remtote process using CreateRemoteThread API.

[x] Inject ShellCode in remote process using QueueUserAPC API.

[x] Inject ShellCode in remote process using Early Bird Technique.

[x] Inject ShellCode in remote process using TLS CallBack Technique.

[x] Inject using Thread execution hijacking.

[x] Inject Dll in remtote process using Reflective DLL injection.

[x] inject using Process Hollowing.

[x] inject using Process Doppelganging.

[ ] inject using Atom Bombing.

[x] inject using Process Ghosting.

[x] inject and persist using Image File Execution Options.

[x] inject using using AppInit_DLLs Registry.

[x] inject using using AppCertDlls Registry.

NOTE:
- In Process Hollowing Injection technique, it Crashes With Some 64bit process like System32\svchost.exe,... 
- In Process Ghosting injecting 32bit in 32bit work only on 32bit version of windows.
- In Reflective DLL injection The Dll To inject should Depend only on Kernel32.dll and ntdll.dll for stability, as they are loaded at the same base address for all processes on the system, See Refrence[6] in the README for more info
- In case Process Doppelganging it does not work on windows 10 can't start the main thread return STATUS_ACCESS_DENIED But work fine on windows 8.1 and 7

if you Know the Solution please for the Process Hollowing and Process Ghosting let me know on abdelaziz.zohdy@gmail.com.

Refrence:

[1]https://skanthak.homepage.t-online.de/appcert.html

[2]https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack

[3]https://github.com/hasherezade/process_ghosting

[4]https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/

[5]https://github.com/stephenfewer/ReflectiveDLLInjection

[6]http://www.nynaeve.net/?p=198

[7]https://www.ired.team/

About

Various Process Injection Techniques

Topics

injection dll-injection process-hollowing process-doppelganging early-bird shellcode-injection thread-hijacking tls-injection apc-injection appcertdlls appinit-dlls image-file-execution-options process-ghosting reflective-dll-injection

Resources

Readme

License

MIT license
Activity

Stars

121 stars

Watchers

5 watching

Forks

20 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages