akpotter / process_chameleon

A process that overwrites its own PEB to create the illusion that it was loaded from a different path.

Home Page: https://www.youtube.com/watch?v=S3iCZ3BKkLk


Process Chameleon


This is my "lil_calc" PoC presented in the video:
Test with ProcessExplorer vs TaskManager
It is not FUD, but it can fool some tools and it can be used as a test case.
The process overwrites its own PEB to create the illusion that it has been loaded from a different path.
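A defender-side check for the mismatch described above, as an added example that is not part of the repository: it compares the image path a process stores in its own PEB with the path the kernel reports for the same process. It assumes the overwritten field is `ProcessParameters->ImagePathName` and that the checker has the same bitness as the target; `image_path_mismatch` and `check_pid` are hypothetical names and the sample paths are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#include <wctype.h>
/* 1 if the PEB-reported path differs (case-insensitively) from the kernel-reported one, else 0. */
int image_path_mismatch(const wchar_t *peb_path, const wchar_t *kernel_path)
{
    if (!peb_path || !kernel_path) return 1; /* unreadable: treat as suspect */
    for (;; peb_path++, kernel_path++) {
        if (towlower((wint_t)*peb_path) != towlower((wint_t)*kernel_path)) return 1;
        if (*peb_path == L'\0') return 0;
    }
}
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
typedef NTSTATUS (NTAPI *NtQip)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
/* 1 = mismatch, 0 = match, -1 = process could not be inspected. */
int check_pid(DWORD pid)
{
    NtQip query = (NtQip)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQueryInformationProcess");
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    PROCESS_BASIC_INFORMATION pbi; PEB peb; RTL_USER_PROCESS_PARAMETERS up;
    WCHAR peb_path[MAX_PATH] = {0}, kernel_path[MAX_PATH] = {0};
    DWORD len = MAX_PATH; int rc = -1;
    if (!h || !query) goto done;
    /* Kernel view: derived from the process object, not from user-mode memory. */
    if (!QueryFullProcessImageNameW(h, 0, kernel_path, &len)) goto done;
    /* User view: PEB -> ProcessParameters -> ImagePathName, writable by the process itself. */
    if (query(h, ProcessBasicInformation, &pbi, sizeof pbi, NULL) < 0) goto done;
    if (!ReadProcessMemory(h, pbi.PebBaseAddress, &peb, sizeof peb, NULL)) goto done;
    if (!ReadProcessMemory(h, peb.ProcessParameters, &up, sizeof up, NULL)) goto done;
    if (up.ImagePathName.Length >= sizeof peb_path) goto done; /* keep the NUL terminator */
    if (!ReadProcessMemory(h, up.ImagePathName.Buffer, peb_path, up.ImagePathName.Length, NULL)) goto done;
    rc = image_path_mismatch(peb_path, kernel_path);
done:
    if (h) CloseHandle(h);
    return rc;
}
#endif
int main(int argc, char **argv)
{
    /* Constructed sample paths; on Windows, pass a PID to inspect a live process instead. */
    int r = image_path_mismatch(L"C:\\Windows\\System32\\calc.exe", L"C:\\Users\\test\\lil_calc.exe");
#ifdef _WIN32
    if (argc > 1) r = check_pid((DWORD)atoi(argv[1]));
#endif
    (void)argc; (void)argv;
    printf("%d\n", r);
    return 0;
}
```

The check covers only `ImagePathName`; the loader's module list in the PEB also stores the image path and would need the same comparison.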


Languages

C 92.2%, C++ 7.3%, CMake 0.4%