Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Perl

C++

Solidity

PHP

Assembly

Emacs Lisp

F#

OCaml

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

PowerShell

Ruby

Elm

Zig

Nix

Swift

Kotlin

Python

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇯🇲 Jamaica

🇧🇪 Belgium

🇵🇫 French Polynesia

🇸🇰 Slovakia

🇪🇷 Eritrea

🇮🇱 Israel

🇮🇹 Italy

🇲🇷 Mauritania

All Countries Compare Countries

secrary/InjectProc

Stars
993
Rank 46,124 (Top 1.0 %)
Language
C++
License
GNU General Publi...
Created over 7 years ago
Updated almost 6 years ago

secrary/InjectProc

secrary

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

InjectProc - Process Injection Techniques [This project is not maintained anymore]

InjectProc

Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.

There are several techniques, which are commonly used: DLL injection, process replacement (a.k.a process hollowing), hook injection and APC injection.

Most of them use same Windows API functions: OpenProcess, VirtualAllocEx, WriteProcessMemory, for detailed information about those functions, use MSDN.

DLL injection:

Open target process.
Allocate space.
Write code into the remote process.
Execute the remote code.

Process replacement:

Create target process and suspend it.
Unmap from memory.
Allocate space.
Write headers and sections into the remote process.
Resume remote thread.

Hook injection:

Find/Create process.
Set hook

Note:

InjectProc uses SetWindowsHookEx function, you can try different ways to installing hooks, for example, EasyHook

APC injection:

Open process.
Allocate space.
Write code into remote threads.
"Execute" threads using QueueUserAPC.

Download

Windows x64 binary - x64 bit DEMO

Dependencies:

vc_redist.x64 - Microsoft Visual C++ Redistributable

DEMO

InjectProc DEMO - Process Injection Techniques

Contributors

nullbites

Warning

Works on Windows 10 build 1703, 64bit.

I've not enough time to test other systems and make it portable if you have enough time please contribute.

I create this project for me to better understand how process injection works and I think it will be helpful for many beginner malware analysts too.

makin

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]

Andromeda

Andromeda - Interactive Reverse Engineering Tool for Android Applications

SSMA

SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me]

idenLib

idenLib - Library Function Identification [This project is not maintained anymore]

InfectPE

InfectPE - Inject custom code into PE file [This project is not maintained anymore]

DrSemu

DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior

Hooking-via-InstrumentationCallback

codes for my blog post: https://secrary.com/Random/InstrumentationCallback/

IDA-scripts

IDAPro scripts/plugins

idenLibX

idenLib (Library Function Identification) plugin for x32dbg

findLoop

findLoop - find possible encryption/decryption or compression/decompression code

AppSecurityLimits

AppSecurityLimits - Allows Executables To Define Security Limits

xCopyPath

sources_from_secrary_posts

DrSemu-Detections

Rules/Detection files for Dr.Semu - https://github.com/secrary/DrSemu