GitHub - NUL0x4C/NoRunPI: Run Your Payload Without Running Your Payload

NUL0x4C / NoRunPI Public

Notifications You must be signed in to change notification settings
Fork 29
Star 175

Run Your Payload Without Running Your Payload

175 stars 29 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
NoRunPI		NoRunPI
LICENSE		LICENSE
NoRunPI.sln		NoRunPI.sln
README.md		README.md

Repository files navigation

NoRunPI: Run Your Payload Without Running Your Payload

Since "SettingSyncHost.exe -Embedding" Runs a Thread On "SHCore.dll!Ordinal172+0x100", We can hijack the flow before this thread start, to do that :

Load shcore.dll to calculate the thread's entry
Create "SettingSyncHost.exe -Embedding" Process
BruteForce the address calculated (stop when its valid)
suspend the process
inject the payload to the calculated address
resume the process
$$

DEMO:

Note That This is An idea more than a stable poc on a process injection technique, you can find a lot of such processes (creating such threads) and implement your own code using the same way for the same results ... (for example on my machine, the same process have a thread on combase.dll!InternalTlsAllocData+0x70)

About

Run Your Payload Without Running Your Payload

Report repository

Releases

No releases published

Packages

Languages

C 100.0%