Skip to content
/ RunPeInMemory Public

Example of using the process hollowing technique.

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xoreaxecx/RunPeInMemory

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
Res_crm.h
Res_crm.h
 
 
RunPeInMemory.cpp
RunPeInMemory.cpp
 
 

Repository files navigation

RunPeInMemory

Example of using the process hollowing technique.
The application runs the target 32-bit executable in memory of the victim's 32-bit executable.

Principle of operation:

  • decrypt target PE from resources;
  • start the victim process in a suspended state;
  • allocate memory within the victim to place the target;
  • transfer target sections to allocated memory;
  • apply relocations for the new base address;
  • resume the victim process.

About

Example of using the process hollowing technique.

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages