C/C++ Windows Process Injector for Educational Purposes.

Last update: May 3, 2022

Comments: 0

ProcessInjector

What does this software do?

This is a simple process injector that uses the CreateRemoteThread method. Payload is obfuscated using Base64 encoding and single-byte XOR encryption for evasion. It downloads a payload from a remote address. You can use msfvenom payloads or other shellcodes.

payload_encoder will create payload with msfvenom; you can change the XOR key for both payload encoder and injector.

Usage

Create your payload with payload_encoder or manually. Upload it to a web server.

In target machine execute it as following,

ProcessInjector.exe

Example,

ProcessInjector.exe explorer.exe

Responsibility Information

Please use this program for legal and educational purposes. I am not responsible for any illegal activity.

Owner

Berat Çağrı Eroğlu

Cyber Security.

https://github.com/ber0glu/ProcessInjector

Similar Resources

Play Doh Windows ACL Tools

PDAcl 是一个支持Windows活动目录扩展权限设置、Windows活动目录常规权限设置、Windows服务权限设置的命令工具。

Oct 30, 2022

This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and

Dec 21, 2022

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Perfusion On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) s

Jan 3, 2023

CVE-2021-1732 Microsoft Windows 10 本地提权漏研究及Poc/Exploit开发

CVE-2021-1732 CVE-2021-1732 Microsoft Windows 10 本地提权漏研究及Poc/Exploit开发受影响系统及应用版本 Windows Server, version 20H2 (Server Core Installation) Windows 10

Nov 9, 2022

Windows user-land hooks manipulation tool.

MineSweeper Windows user-land hooks manipulation tool. Highlights Supports any x64/x86 Windows DLL (actually, any x64/x86 Windows PE for that matter)

Dec 9, 2022

Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux

Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux. Its main purpose is to help developers visualize the execution flow of a complex application.

Dec 30, 2022

Windows x64 rootkit

P4tch3r Windows x64 rootkit (tested on Windows 7) It's PoC of patching NtTerminateProcess function by just overwriting instructions catching arguments

Jul 22, 2022

AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows

AlleyWind AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows. AlleyWind could: Displays a graphic

Oct 20, 2022

WinMerge is an Open Source differencing and merging tool for Windows.

WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.

Jan 1, 2023

Related tags

Utilities ProcessInjector

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

TiEtwAgent - ETW-based process injection detection This project was created to research, build and test different memory injection detection use cases

Dec 26, 2022

x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code

NoPatchGuardCallback x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code Read: https://www.godeye.club/2021/05/22/00

Dec 26, 2022

Extended Process List (Search functionality)

Extended Process List (ps with search) (64-bit only) Added search functionality for process listing. Credits to @odzhan, Alfie Champion (@ajpc500), Sy

May 7, 2022

Beacon Object File (BOF) for remote process injection via thread hijacking

cThreadHijack ___________.__ .______ ___ .__ __ __ ___\__ ___/| |_________ ____ _____

Dec 28, 2022

A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.

FindObjects-BOF A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or process

Dec 28, 2022

C/C++ Windows Process Injector for Educational Purposes.

ProcessInjector

What does this software do?

Usage

Responsibility Information

Owner

Berat Çağrı Eroğlu

Similar Resources

Play Doh Windows ACL Tools

This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

CVE-2021-1732 Microsoft Windows 10 本地提权漏研究及Poc/Exploit开发

Windows user-land hooks manipulation tool.

Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux

Windows x64 rootkit

AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows

WinMerge is an Open Source differencing and merging tool for Windows.

Related tags

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code

Extended Process List (Search functionality)

Beacon Object File (BOF) for remote process injection via thread hijacking

A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.

fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)

CacheLib is a C++ library providing in-process high performance caching mechanism.

Section Mapping Process Injection (secinject): Cobalt Strike BOF

This is a experimental tool to hide process in FreeBSD

the checkra1n set of tools targeting bare metal, Linux and Windows