GitHub - stjordanis/NoRunPI: Run Your Payload Without Running Your Payload

stjordanis / NoRunPI Public

forked from NUL0x4C/NoRunPI

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Run Your Payload Without Running Your Payload

0 stars 29 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
NoRunPI		NoRunPI
LICENSE		LICENSE
NoRunPI.sln		NoRunPI.sln
README.md		README.md

Repository files navigation

NoRunPI: Run Your Payload Without Running Your Payload

Since "SettingSyncHost.exe -Embedding" Runs a Thread On "SHCore.dll!Ordinal172+0x100", We can hijack the flow before this thread start, to do that :

Load shcore.dll to calculate the thread's entry
Create "SettingSyncHost.exe -Embedding" Process
Wait for ~ 5 ms ~ just make sure that the newly created process loads shcore.dll [NOTE ON THIS IN THE CODE]
suspend the process
inject the payload to the calculated address
resume the process
$$

DEMO:

Note That This is An idea more than a stable poc on a process injection technique, you can find a lot of such processes (creating such threads) and implement your own code using the same way for the same results ... (for example on my machine, the same process have a thread on combase.dll!InternalTlsAllocData+0x70)

About

Run Your Payload Without Running Your Payload

Code of conduct

Security policy

Report repository

Releases

No releases published

Packages

No packages published

Languages

C 100.0%