Skip to content

jymcheong/InjectProc

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
InjectProc
InjectProc
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
InjectProc - Process Injection Techniques.sln
InjectProc - Process Injection Techniques.sln
 
 
README.md
README.md
 
 

Repository files navigation

InjectProc

Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.

There are several techniques, which are commonly used: DLL injection, process replacement (a.k.a process hollowing), hook injection and APC injection.

Most of them use same Windows API functions: OpenProcess, VirtualAllocEx, WriteProcessMemory, for detailed information about those functions, use MSDN.

DLL injection:

  • Open target process.
  • Allocate space.
  • Write code into the remote process.
  • Execute the remote code.

Process replacement:

  • Create target process and suspend it.
  • Unmap from memory.
  • Allocate space.
  • Write headers and sections into the remote process.
  • Resume remote thread.

Hook injection:

  • Find/Create process.
  • Set hook

APC injection:

  • Open process.
  • Allocate space.
  • Write code into remote threads.
  • "Execute" threads using QueueUserAPC.

Download

Windows x64 binary - x64 bit DEMO

Dependencies:

vc_redist.x64 - Microsoft Visual C++ Redistributable

DEMO

InjectProc DEMO - Process Injection Techniques

Warning

I create this project for me to better understand how process injection works and I think it will be helpful for many beginner malware analysts too.

About

InjectProc - Process Injection Techniques

Topics

code-injection

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • C++ 100.0%