Skip to content
/ LoadEXE Public

A Proof that SetWindowHook API can inject exe itself into another process

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MoePus/LoadEXE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LoadExe
LoadExe
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
LoadExe.sln
LoadExe.sln
 
 
readme.md
readme.md
 
 

Repository files navigation

LoadEXE

A Proof that SetWindowHook API can inject exe itself into another process

Principle

SetWindowsHook calls _SetWindowsHookEx which has less check on arguments

Advantages & Disadvantages

  • Can inject a pe file without LoadLibrary it.
  • Can inject pe itself into another process.
  • Do not notify the Ring3 LdrpSendDllNotifications.
  • Do not need process handle.
  • No new thread or shellcode.
  • Need target HWND.
  • Notifies LoadImage and minifilter in kernel.
  • Do not support TLS callback.(Not implemented)

About

A Proof that SetWindowHook API can inject exe itself into another process

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages