CrackerCat / PEResourceInject

PEResourceInject

A way to avoid using VirtualAllocEx/WriteProcessMemory to inject shellcode into a process. You need access to modify the target executable.

  • Write shellcode to the target's .rsrc as a bitmap using the UpdateResource APIs
  • Spawn the exe suspended
  • Calculate the shellcode location by parsing the PE header
  • VirtualProtectEx to RX
  • Get/SetThreadContext to execute
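
A defender-side static check for the first step, added here as an example and not part of the PEResourceInject code: it walks a `.rsrc` section and flags bitmap resources whose data does not begin with a plausible bitmap info header. It assumes the payload is stored as raw bytes with no bitmap header, and that the caller supplies the section bytes and its RVA from the section table. All function names and the sample section are constructed for illustration, and legacy 12-byte BITMAPCOREHEADER bitmaps are also flagged by this heuristic.

```python
import struct

RT_BITMAP = 2                      # resource type ID for bitmaps
VALID_HDR_SIZES = {40, 108, 124}   # BITMAPINFOHEADER, V4 and V5 headers
VALID_BPP = {1, 4, 8, 16, 24, 32}

def _entries(rsrc, dir_off):
    # Yield (id, is_subdir, offset) for one IMAGE_RESOURCE_DIRECTORY.
    named, ids = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(named + ids):
        ident, off = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        yield ident, bool(off & 0x80000000), off & 0x7FFFFFFF

def _leaves(rsrc, dir_off, depth):
    # Yield data-entry offsets below a directory; the depth cap stops loops.
    for _, is_dir, off in _entries(rsrc, dir_off):
        if not is_dir:
            yield off
        elif depth < 3:
            yield from _leaves(rsrc, off, depth + 1)

def looks_like_dib(data):
    # Bitmap resources start with a bitmap info header, not a "BM" file header.
    if len(data) < 40:
        return False
    size, w, h, planes, bpp = struct.unpack_from("<IiiHH", data, 0)
    return size in VALID_HDR_SIZES and planes == 1 and bpp in VALID_BPP and w > 0 and h != 0

def suspicious_bitmaps(rsrc, rsrc_rva):
    # Return [(rva, size)] of RT_BITMAP resources whose data is not a DIB.
    hits = []
    for type_id, is_dir, off in _entries(rsrc, 0):
        if type_id == RT_BITMAP and is_dir:
            for leaf in _leaves(rsrc, off, 1):
                rva, size = struct.unpack_from("<II", rsrc, leaf)
                # Data RVAs are image-relative; convert to a section offset.
                if rva < rsrc_rva or not looks_like_dib(rsrc[rva - rsrc_rva:][:size]):
                    hits.append((rva, size))
    return hits

def _dir(*entries):
    head = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(entries))
    return head + b"".join(struct.pack("<II", i, o) for i, o in entries)

def build_sample(rva=0x3000):
    # Constructed .rsrc section: bitmap 1 is a 1x1 DIB, bitmap 2 is filler bytes.
    sub, good = 0x80000000, struct.pack("<IiiHH", 40, 1, 1, 1, 32) + bytes(28)
    return (_dir((RT_BITMAP, sub | 0x18)) + _dir((1, sub | 0x38), (2, sub | 0x50))
            + _dir((0x409, 0x68)) + _dir((0x409, 0x78))
            + struct.pack("<8I", rva + 0x88, 44, 0, 0, rva + 0xB4, 44, 0, 0)
            + good + b"\xCC" * 44)
```

On the constructed section, `suspicious_bitmaps(build_sample(), 0x3000)` reports only the second bitmap; a hit on a real binary is a lead for triage, not proof of tampering.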

Usage (x64 only)

PEResourceInject.exe -exe <C:\path\to\target.exe> -bin <C:\Path\to\raw\shellcode.bin>

Tested with:

  • MS Office/VLC/Firefox
  • Shellcode: MSFVenom/Apollo

References/APIs:

A dive into the PE file format by 0xRick

BeginUpdateResource
UpdateResource
EndUpdateResource

About

License: BSD 3-Clause "New" or "Revised" License


Languages

Language: C 100.0%