Skip to content
/ HollowProcess Public
forked from joren485/HollowProcess

Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python

0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

megavx/HollowProcess

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
TODO
TODO
 
 
runPE.py
runPE.py
 
 

Repository files navigation

HollowProcess

Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python 2.

A simple implementation of the well known Process Hollowing technique used by malware. The idea to create this came from the excellent book Practical malware analysis.

Warning: This is not 100% stable and reliable. Although I have had a 100% success rate on svchost.exe with a 32 bit payload.

If the payload is an protected executable it will create 0xC0000005 error (Access Violation).

Dependencies:

  • Pefile: install using: pip install pefile

Tests:

  • 32 bit payload into 32 bit target: WORKS
  • 32 bit payload into 64 bit target: NOT TESTED
  • 64 bit payload into 32 bit target: NOT TESTED (I do not know if this is actually possible)
  • 64 bit payload into 64 bit target: NOT TESTED

About

Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%