CodeCoverageMiniStompInjection
README.md
parse-drcov-identify-untouched.py
CodeCoverageModuleStomping

Tools to support code-coverage-based module stomping. Based on the blog post: http://williamknowles.io/living-dangerously-with-module-stomping-leveraging-code-coverage-analysis-for-injecting-into-legitimately-loaded-dlls/

parse-drcov-identify-untouched.py - parses DynamoRIO's drcov output. Run the script as follows, passing the drcov output file as the only argument. It requires Python 3; the only dependency outside the standard library is PrettyTable.

python3 parse-drcov-identify-untouched.py drcov.mspaint.exe.11520.0000.proc-win10-beacon.log
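As an added illustration of the drcov format the script above consumes (this is not the repository's parse-drcov-identify-untouched.py and uses no PrettyTable), the following standalone parser reads a drcov log and reports per-module basic-block coverage, the same summary a fuzzing or test-coverage harness would produce. It assumes the drcov version 2 layout (a module table introduced by a "Columns:" header, followed by either the default binary BB table of 8-byte entries or the "-dump_text" line form); the module paths, addresses and block offsets in the embedded sample log are constructed for the demonstration, not taken from a real capture.

```python
"""Parse a DynamoRIO drcov log and summarise basic-block coverage per module."""
import re
import struct
import sys
from collections import defaultdict

# Default (binary) BB table entry: start offset u32, size u16, module id u16.
_BB_ENTRY = struct.Struct("<IHH")
# Entry line produced by drcov -dump_text, e.g. "module[  0]: 0x00000100,  32".
_TEXT_BB = re.compile(rb"module\[\s*(\d+)\]:\s*0x([0-9a-fA-F]+),\s*(\d+)")


def parse_drcov(data: bytes):
    """Return (modules, bbs) from raw drcov log bytes.

    modules maps id -> {"base", "end", "path"}; bbs is a list of
    (module id, offset from module base, size) tuples.  Assumes the
    module-table layout with a "Columns:" header (drcov version 2 and later).
    """
    table_pos = data.index(b"BB Table:")
    body_start = data.index(b"\n", table_pos) + 1
    header = data[:body_start].decode("utf-8", "replace").splitlines()
    body = data[body_start:]

    modules, columns = {}, None
    for line in header:
        if line.startswith("Columns:"):
            columns = [c.strip() for c in line[len("Columns:"):].split(",")]
        elif columns and re.match(r"\s*\d+,", line):
            # The path is the last column and may itself contain commas.
            fields = [f.strip() for f in line.split(",", len(columns) - 1)]
            row = dict(zip(columns, fields))
            base = row.get("base") or row.get("start")  # "start" in newer versions
            modules[int(row["id"])] = {
                "base": int(base, 16), "end": int(row["end"], 16), "path": row["path"]}

    bbs = []
    if body.startswith(b"module["):
        for m in _TEXT_BB.finditer(body):
            bbs.append((int(m.group(1)), int(m.group(2), 16), int(m.group(3))))
    else:
        usable = len(body) - len(body) % _BB_ENTRY.size  # ignore a truncated tail
        for off in range(0, usable, _BB_ENTRY.size):
            start, size, mod_id = _BB_ENTRY.unpack_from(body, off)
            bbs.append((mod_id, start, size))
    return modules, bbs


def module_coverage(modules, bbs):
    """Map module path -> (covered bytes, module size, covered fraction).

    Covered bytes are the union of block ranges, so overlapping or
    duplicated blocks are not double-counted.
    """
    ranges = defaultdict(list)
    for mod_id, off, size in bbs:
        if mod_id in modules and size > 0:
            ranges[mod_id].append((off, off + size))

    report = {}
    for mod_id, mod in modules.items():
        covered, cur = 0, None
        for start, end in sorted(ranges.get(mod_id, [])):
            if cur is None or start > cur[1]:
                if cur is not None:
                    covered += cur[1] - cur[0]
                cur = [start, end]
            else:
                cur[1] = max(cur[1], end)
        if cur is not None:
            covered += cur[1] - cur[0]
        size = mod["end"] - mod["base"]
        report[mod["path"]] = (covered, size, covered / size if size else 0.0)
    return report


# Constructed sample log (not a real capture): two modules, three blocks,
# once with the binary BB table and once in -dump_text form.
_SAMPLE_HEADER = (
    b"DRCOV VERSION: 2\n"
    b"DRCOV FLAVOR: drcov\n"
    b"Module Table: version 2, count 2\n"
    b"Columns: id, base, end, entry, checksum, timestamp, path\n"
    b"  0, 0x0000000140000000, 0x0000000140001000, 0x0000000140000100, "
    b"0x00000000, 0x00000000, C:\\example\\app.exe\n"
    b"  1, 0x00007ff800000000, 0x00007ff800002000, 0x00007ff800000200, "
    b"0x00000000, 0x00000000, C:\\example\\lib.dll\n"
    b"BB Table: 3 bbs\n"
)
_SAMPLE_BLOCKS = [(0, 0x100, 0x20), (0, 0x110, 0x20), (1, 0x200, 0x10)]
SAMPLE_BINARY = _SAMPLE_HEADER + b"".join(
    _BB_ENTRY.pack(off, size, mod) for mod, off, size in _SAMPLE_BLOCKS)
SAMPLE_TEXT = _SAMPLE_HEADER + b"".join(
    b"module[%3d]: 0x%08x, %3d\n" % (mod, off, size) for mod, off, size in _SAMPLE_BLOCKS)


def main(argv):
    # Usage: python3 this_script.py <drcov log>; with no argument the sample is used.
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE_BINARY
    report = module_coverage(*parse_drcov(data))
    for path, (covered, size, frac) in sorted(report.items(), key=lambda kv: kv[1][2]):
        print(f"{frac:7.2%}  {covered:>10} / {size:<10}  {path}")


if __name__ == "__main__":
    main(sys.argv)
```

Block ranges are merged before counting because drcov emits one entry per basic block it instrumented, and blocks can overlap when the same bytes are reached through different entry points; summing block sizes naively overstates coverage.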

CodeCoverageModuleStomping - a simple C++ project for testing injection into the memory of an already loaded module (DLL) at a given offset. The shellcode goes in the project's single header file. It is designed for testing on Windows 10 and registers call targets for Control Flow Guard (CFG); on older operating systems that section of code will probably need to be commented out. Run the compiled binary as follows:

CodeCoverageMiniStompInjection.exe <program-to-start-to-inject-into> <module-name-to-inject-into> <offset-bytes-into-module>

For example:

CodeCoverageMiniStompInjection.exe mspaint.exe combase.dll 1599552