There are 3 repositories under runpe topic.
Demos of various injection techniques found in malware
Run a Exe File (PE Module) in memory (like an Application Loader)
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
Tool to evade Antivirus With Different Techniques
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
Cronos Crypter is an simple example of crypter created for educational purposes.
ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
execute a PE in the address space of another PE aka process hollowing
Nim process hollowing loader
Simple protector to show how to run a payload without dropping it using RunPE Technique
Mystery Legacy Repo is for advanced penetration tools
Golang version of https://github.com/hasherezade/libpeconv
Lime Crypter Obfuscator Mod
An implementation of the Process Hollowing technique.
Make "upx -d" unpacking impossible!
RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.
Delphi Process Hollowing, Updated.
C++ application that uses memory and code hooks to detect packers
Carbon Crypter / Packer
DevinPE-ProcessHollowing-Example
Fullyundedectable Runtime Crypter Services