Switch branches/tags
Nothing to show
Find file History


Demo: RunPE

This is a demo project using libpeconv.
RunPE (aka Process Hollowing) is a well known technique allowing to injecting a new PE into a remote processes, imprersonating this process. The given implementation works for PE 32bit as well as 64bit.

Supported injections:

If the loader was built as 32 bit:

32 bit payload -> 32 bit target

If the loader was built as 64 bit:

64 bit payload -> 64 bit target
32 bit payload -> 32 bit target

How to use the app:

Supply 2 commandline arguments:

[payload_path] [*target_path]
* - optional

If target path is not supplied, calc.exe is used as the default target.

Compiled versions:

32bit: https://drive.google.com/uc?export=download&id=1ecRq0R3ABzkXELfyx95qxFjIsCCEFbEz
64bit: https://drive.google.com/uc?export=download&id=1ohcIvmMnFq5OgONaZXlkQQ2TkmJbpLhl