  • Stars: 111
  • Rank 314,510 (Top 7 %)
  • Language: C++
  • Created about 3 years ago
  • Updated over 2 years ago


Repository Details

x64/x86 shellcode injector

What is Process Injection?

  • It is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process’s memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.

TECHNICAL DETAILS

  • OpenProcess API

    Opens an existing local process object and returns an open handle to the specified process.

    Parameters

    [in] dwDesiredAccess

    The access to the process object. This access right is checked against the security descriptor for the process. This parameter can be one or more of the process access rights.

    If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the security descriptor.

    [in] bInheritHandle

    If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle.

    [in] dwProcessId

    The identifier of the local process to be opened.

    If the specified process is the System Idle Process (0x00000000), the function fails and the last error code is ERROR_INVALID_PARAMETER. If the specified process is the System process or one of the Client Server Run-Time Subsystem (CSRSS) processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.

    If you are using GetCurrentProcessId as an argument to this function, consider using GetCurrentProcess instead of OpenProcess, for improved performance.

  • VirtualAllocEx API

    Reserves a region of memory within the virtual address space of a specified process. The function initializes the memory it allocates to zero and returns the base address of the allocated memory.

  • WriteProcessMemory API

    Writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.

  • CreateRemoteThread API

    Creates a thread that runs in the virtual address space of another process and returns a handle to the new thread.
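The four calls above leave a telemetry trail on the target process. The following is an added example, not code from this repository: it scans constructed Sysmon-style records (Event ID 10 ProcessAccess and Event ID 8 CreateRemoteThread; the field names are Sysmon's, the one-line key=value layout is an assumption) and flags handles opened with the rights the injection sequence needs, plus remote threads whose start address is not backed by any loaded module.

```python
import re

# Access rights the injection sequence needs on the target process
# (the dwDesiredAccess bits OpenProcess must be granted).
PROCESS_CREATE_THREAD = 0x0002  # needed by CreateRemoteThread
PROCESS_VM_OPERATION = 0x0008   # needed by VirtualAllocEx
PROCESS_VM_WRITE = 0x0020       # needed by WriteProcessMemory
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed Sysmon-style records (not real telemetry). Field names follow
# Sysmon Event 10 (ProcessAccess) and Event 8 (CreateRemoteThread); the
# one-line key=value layout is an assumption made for this example.
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\Users\u\inj.exe TargetImage=C:\Windows\explorer.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\explorer.exe GrantedAccess=0x1000",
    r"EventID=8 SourceImage=C:\Users\u\inj.exe TargetImage=C:\Windows\explorer.exe StartAddress=0x1E4A3C20000 StartModule= StartFunction=",
    r"EventID=8 SourceImage=C:\Windows\System32\csrss.exe TargetImage=C:\Windows\explorer.exe StartAddress=0x7FF8A1B20000 StartModule=C:\Windows\System32\ntdll.dll StartFunction=RtlUserThreadStart",
]

def parse_event(line):
    """Split a key=value record into a dict; empty values are kept as ''."""
    return dict(re.findall(r"(\w+)=(\S*)", line))

def classify(ev):
    """Return a reason string if the record matches the injection pattern, else None."""
    if ev.get("SourceImage") == ev.get("TargetImage"):
        return None  # a process touching itself is not remote injection
    if ev.get("EventID") == "10":
        granted = int(ev.get("GrantedAccess", "0"), 16)
        # All three rights together are exactly what the injector asks for.
        if (granted & INJECT_RIGHTS) == INJECT_RIGHTS:
            return "handle opened with VM_WRITE|VM_OPERATION|CREATE_THREAD"
    elif ev.get("EventID") == "8":
        # A start address outside any loaded module matches shellcode placed
        # in memory from VirtualAllocEx; a module-backed start is lower severity.
        if not ev.get("StartModule"):
            return "remote thread started in unbacked memory"
        return "remote thread created"
    return None

def scan(lines):
    """Return (source, target, reason) for every record that classify() flags."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            findings.append((ev["SourceImage"], ev["TargetImage"], reason))
    return findings

if __name__ == "__main__":
    for src, dst, why in scan(SAMPLE_EVENTS):
        print(f"{why}: {src} -> {dst}")
```

The 0x1000 (PROCESS_QUERY_LIMITED_INFORMATION) record is deliberately left unflagged: tuning the mask to the rights the technique actually requires is what keeps this rule from firing on routine handle opens.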

DEMO

[demo image]

More Repositories

1. Terminator (C++, 923 stars): Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
2. Blackout (C++, 887 stars): kill anti-malware protected processes (BYOVD) (Microsoft Won)
3. Chaos-Rootkit (C++, 841 stars): Now You See Me, Now You Don't
4. Amsi-Killer (C++, 587 stars): Lifetime AMSI bypass
5. APT38-0day-Stealer (C++, 267 stars): APT38 Tactic PoC for Stealing 0days from security professionals
6. C2-Hunter (C++, 245 stars): Extract C2 Traffic
7. Handle-Ripper (C++, 200 stars): simple Windows handle hijacker with a nod to Apxaey for inspiration
8. Orca (C++, 189 stars): Incomplete project
9. Bypass-Sandbox-Evasion (C++, 133 stars): Bypass Malware Sandbox Evasion Ram check
10. Tokenizer (C, 129 stars): Kernel Mode Driver for Elevating Process Privileges
11. SleepKiller (C++, 97 stars): Bypass Malware Time Delays
12. URootkit (C++, 97 stars): user-mode Rootkit
13. Wizard-Loader (C++, 83 stars): Abuse Xwizard.exe for DLL Side-Loading
14. U-Boat (C++, 83 stars): Russian Wipers Dropper (educational-purposes)
15. Overlord (C++, 79 stars): abusing Process Hacker driver to terminate other processes (BYOVD)
16. Hooks_Hunter (C++, 67 stars): Detect API Hooks
17. DeadLight (C#, 57 stars): C# Malware that Steal Discord Token Directly From Memory and bypass any kind of token protection
18. Dll-Injector (C++, 53 stars): simple C++ dll injector
19. BufferOverFlow (C, 44 stars): Exploit Windows-Based BufferOverflow (vulnserver)
20. TrampHook (C++, 37 stars): x86 Trampoline Hook
21. Among-Us-External (C++, 36 stars): external hack for Among Us (PATCHED)
22. Btc-Grabber (C++, 34 stars): x86 Btc Stealer with Thread Hijack implemented (educational-purposes)
23. Thread-Hijacking (C++, 34 stars): Thread Execution Hijacking technique
24. RSPCKiller (C++, 30 stars): RtlSetProcessIsCritical Killer
25. CE_AC_CI_EX (Assembly, 28 stars): Solving game hacking challenges (CE/AC) using ASM/C++
26. Mail_Killer (Python, 22 stars): anonymous spam E-mail sender
27. WDropper (C++, 21 stars): C++ PowerShell dropper
28. IFEO-PoC (C++, 19 stars): Image File Execution Options Injection PoC
29. KlTroll (C++, 17 stars): Trolling Keyloggers by Forcing them to log Specific Text then freezing them
30. AX509 (Python, 10 stars): subdomain finder
31. AC-External (C++, 10 stars): (basic) AC external hack written in C++
32. CiaIoctl (C, 9 stars): User/Kernel Mode communication using IOCTL
33. Malware-IOCs (YARA, 8 stars): some of my IOCs from malware investigations
34. GRage (C++, 8 stars): x86 Funny malware that Troll GTA players by killing the character every time it respawn
35. HackTheBox-CubeMadness (C++, 5 stars): external hack for CubeMadness
36. ShEye (C++, 2 stars): Simple Program To Detect API Hooks by Scanning OpCode Patterns
37. Malwares-IDEAS (1 star)