Code Injection via Memory Mapped Files

Overview

MMFCodeInjection

This technique leverages File Mapping and APC(s) to execute shellcode into another process. By leveraging file mapping we would not have to use various functions such as VirtualAllocEx and WriteProcessMemory to copy the shellcode into the remote process but instead we can just use QueueUserAPC to call the functions we want to reference and execute the shellcode in the file we want.

You might also like...
🦘 A dependency injection container for C++11, C++14 and later

kangaru 🦘 Kangaru is an inversion of control container for C++11, C++14 and later. It provides many features to automate dependency injection and red

Linux x86_64 Process Injection Utility | Manipulate Processes With Customized Payloads (beta)
Linux x86_64 Process Injection Utility | Manipulate Processes With Customized Payloads (beta)

K55 - Linux x86_64 Process Injection Utility (C++11) About K55 (pronounced: "kay fifty-five") The K55 payload injection tool is used for injecting x86

a undetectable tool by modify odyssey, support sign disable & dylib injection, test on iphoneX(13.5.1 expolit by FreeTheSandbox), our qqgroup is 703156427

a undetectable ios root access tool by modify odyssey, support sign disable & dylib injection, test on iphoneX(13.5.1 expolit by FreeTheSandbox), our

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

Transacted Hollowing Transacted Hollowing - a PE injection technique. A hybrid between Process Hollowing and Process Doppelgänging. More info here Cha

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

Process Ghosting This is my implementation of the technique presented by Gabriel Landau: https://www.elastic.co/blog/process-ghosting-a-new-executable

Evasive shellcode loader for bypassing event-based injection detection (PoC)
Evasive shellcode loader for bypassing event-based injection detection (PoC)

(cleaned up version here: https://github.com/xinbailu/DripLoader-Ops) DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection de

A Simple LSASS Credential Injection Tool

CredInject Hello Dear Reader! Welcome to the CredInject repo -- This project is based on HoneyCred and uses the same method to inject credentials into

Spotify AdBlocker for Windows, written in C. DLL Injection.
Spotify AdBlocker for Windows, written in C. DLL Injection.

Spotify AdBlock Windows Spotify Ad Block, in C ! Build Open an issue with information related if any error occurs. mingw32-make all Tested gcc: # gcc

A dumper for CS:GO cheat loaders that use manual map injection method
A dumper for CS:GO cheat loaders that use manual map injection method

NoobDumper v2 A (mostly dll) dumper for CS:GO cheat loaders that use manual map injection method How to use this Inject the dumper into the loader ( x

Owner
Skidding Across Userland @stackoverpwn
null
Injection - Windows process injection methods

Windows Process Injection Here are some popular methods used for process injection on the windows operating system. Conhost ExtraBytes PROPagate Servi

null 1.4k Dec 28, 2022
Code Injection, Inject malicious payload via pagetables pml4.

PageTableInjection Code Injection, Inject malicious payload via pagetables pml4. Introduction This is just a proof-of-concept of the page table inject

Kento Oki 179 Nov 28, 2022
ğŸŽ® Plants vs. Zombies multiplayer battle, developed via reverse engineering, inline hook and dynamic-link library injection. Two online players defend and attack as the plant side and zombie side respectively.

Plants vs. Zombies Online Battle This project has two original repositories: https://github.com/czs108/Plants-vs.-Zombies-Online-Battle https://github

Liugw 71 Oct 14, 2021
External warzone cheat with manual mapped driver (function hook), overlay (nvidia hijack), simple esp, no recoil

external_warzone_cheat External warzone cheat with manual mapped driver (function hook), overlay (nvidia hijack), simple esp, no recoil Offsests are N

NMan 109 Jan 2, 2023
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.

CosMapper Loads a signed kernel driver (signed with leaked cert) which allows you to map any driver to kernel mode without any traces of the signed /

null 157 Jan 2, 2023
TiEtwAgent - PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

TiEtwAgent - ETW-based process injection detection This project was created to research, build and test different memory injection detection use cases

Filip Olszak 187 Dec 20, 2022
Memory Process File System (MemProcFS) is an easy and convenient way of viewing physical memory as files in a virtual file system

The Memory Process File System (MemProcFS) is an easy and convenient way of viewing physical memory as files in a virtual file system.

Ulf Frisk 1.7k Jan 2, 2023
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

Cobalt Strike BOF - Inject AMSI Bypass Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection. Running inje

boku 307 Dec 28, 2022
A DLL & Code Injection C++ library for Windows.

syringe - A DLL & Code Injection C++ library for Windows. syringe is a DLL & Code Injection C++ library for Windows that contains different techniques

null 5 Jul 28, 2022
Two PoC of accessing process virtual memory via NT Kernel

ProcessVmAccess Two PoC of accessing process virtual memory via NT Kernel Detail You've never interested in accessing process virtual memory through N

Kento Oki 16 Aug 11, 2022