Skip to content
/ Ghost-Injector Public

Reflective PE Injector, which forces the remote process to read local memory instead of using WriteProcessMemory

License

MIT license
11 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OgnianM/Ghost-Injector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

GhostWriter.c

GhostWriter.c

 
 

GhostWriter.h

GhostWriter.h

 
 

LICENSE

LICENSE

 
 

PE.c

PE.c

 
 

PE.h

PE.h

 
 

README.md

README.md

 
 

ReflectiveInjector.c

ReflectiveInjector.c

 
 

ReflectiveInjector.h

ReflectiveInjector.h

 
 

example.c

example.c

 
 

Repository files navigation

Ghost-Injector

Reflective PE Injector, which forces the remote process to read local memory instead of using WriteProcessMemory

Not tested on x64 yet.

Usage:

  1. Create a GHOSTWRITER context

  2. Initialize it with InitGhostWriter

  3. If all went well, you can now get a thread from any process in the system (create one in the process for simplicity) and call PrepareThread on it

  4. If GWPrepareThread succeeds, you can now use GWriteMemory and GWCall to do your thing 4.1 (optional) use the reflective injector with the prepared thread.

  5. (optional) Once you've finished your work, you can use GWResumeThread to restore it to its original state.

Note: If you use the included injector with the INJECTOR_AUTO_RUN flag, the thread you provide will be used for executing your payload, so calling GWResumeThread under such circumstances will be ineffective.

About

Reflective PE Injector, which forces the remote process to read local memory instead of using WriteProcessMemory

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages