GithubHelp home page GithubHelp logo

5l1v3r1 / transacted_hollowing Goto Github PK

View Code? Open in Web Editor NEW

This project forked from hasherezade/transacted_hollowing

0.0 0.0 0.0 225 KB

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

License: MIT License

CMake 0.68% C++ 15.46% C 83.86%

transacted_hollowing's Introduction

Transacted Hollowing

Build status

Transacted Hollowing - a PE injection technique. A hybrid between Process Hollowing and Process Doppelgänging.

transacted hollowing diagram

More info here.

"Ghostly" Hollowing - a similar technique, but using a delete-pending file instead of the transacted file. A hybrid between Process Hollowing and Process Ghosting.

ghostly hollowing diagram

You can switch to build the second variant with the help of the CMake option: GHOSTING. By default, Transacted Hollowing is built.

CMake flag

Characteristics:

  • Payload mapped as MEM_IMAGE (unnamed: not linked to any file)
  • Sections mapped with original access rights (no RWX)
  • Payload connected to PEB as the main module
  • Remote injection supported (but only into a newly created process)

View

Supported injections:

If the loader was built as 32 bit:

32 bit payload -> 32 bit target

If the loader was built as 64 bit:

64 bit payload -> 64 bit target
32 bit payload -> 32 bit target

How to use the app:

Supply 2 commandline arguments:

[payload_path] [target_path]

Payload is the PE to be executed impersonating the Target.

transacted_hollowing's People

Contributors

hasherezade avatar kkent030315 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.